苹果Regional Regulatory Compliance Engineer

The Role The Infotainment Product Engineer will work closely with our Radio and Antenna engineering teams to support the launch and sustain the product lifecycle at our regional Service Centers and Gigafactory Shanghai. This role is an essential part of product development teams to understand the Design, Function and Quality metrics of our product. The role will then take this knowledge and work with our Gigafactory teams to protect for the products function and quality before, during and after our vehicle assembly process. This same knowledge will be used to support our Service Centers with any product concerns. This role will also work closely with our suppliers on any related product concerns or improvements. This engineer will be an integral member of our product development team and share the responsibility of holding our innovative product to a high level of customer satisfaction. Responsibilities: • Share the responsibility for the best execution of our infotainment products into our cars to the end of life • Collaborate on the development of multiple products with multiple cross functional teams: Electrical & Mechanical Design, Reliability, Supply Chain, Quality, Manufacturing, and other Engineering Teams • Interface directly with our design teams to clearly understand the hardware and software integration of our infotainment system and its components • Work in a complex and dynamic automotive assembly line and collaborate with the variety of manufacturing teams • Support our Project Managers by maintaining a progress tracking system that details and accounts for the variety of development tasks needed during a product lifecycle • Work with our Suppliers and Supplier Industrialization Engineers on the design, function, quality and launch of our infotainment products • Interpret, document and manage product CAD, drawings and specifications • Understand our product’s reliability, durability and environmental constraints (temp, humidity, vibration) • Support our product homologation and regulatory compliance • Troubleshoot our products, analyze and report potential root causes, and work to implement solutions • Support our Factory Firmware, and Field Service Engineering Teams in debugging our products with relative SW applications • Work with our Product Development, Factory and Service teams in testing our Radio & Antenna products at the component and system level

The Chief System Assurance Officer (CSAO) organization is responsible for establishing a Global Sovereign System Assurance Framework, ensuring that Ant International’s cross-border payment systems are intrinsically Visible, Controllable, Verifiable, Auditable, and Sustainable. The Head of Cryptographic Assurance & Verifiability will lead Ant International’s cryptographic trust architecture and verifiable compliance framework, ensuring that system integrity, data protection, and compliance are: • Cryptographically provable (not trust-based) • Tamper-resistant and independently verifiable • Aligned with global regulatory expectations • Embedded into system design and operations One-line mandate: Build cryptographic assurance systems that make Ant International provably compliant, tamper-proof, and regulator-verifiable by design. Key Responsibilities 1. Cryptographic Architecture & Key Sovereignty • Design and implement global cryptographic architecture for payment systems • Own Key Management Systems (KMS), including lifecycle, rotation, and access control • Ensure key sovereignty and jurisdictional control aligned with regulatory requirements • Enforce strong encryption standards (data at rest, in transit, in use) 2. Verifiable Systems & Tamper-Proof Logging • Design tamper-proof logging and immutable audit trails • Implement cryptographic integrity mechanisms (e.g., hashing, signing, chaining) • Enable independent verification of system behavior and transactions 3. Secure Computation & Advanced Trust Technologies • Evaluate and deploy Trusted Execution Environments (TEE) and secure enclaves • Implement privacy-preserving computation and secure data processing (if applicable) • Explore advanced techniques such as zero-knowledge proofs or verifiable computation 4. Cryptographic Compliance & Regulatory Alignment • Align cryptographic controls with global regulatory and certification standards • Provide regulator-verifiable proof of system integrity and compliance • Support audits, inspections, and independent validation of cryptographic controls 5. “Don’t Trust Us, Verify Us” Architecture • Lead the design of verifiable-by-default systems • Enable real-time verification capabilities for regulators and auditors • Integrate cryptographic assurance into Control Tower and compliance platforms 6. Global Coordination & Engineering Integration • Partner with Security, Cloud, Data, Engineering, and Compliance teams • Embed cryptographic controls into DevSecOps, platform engineering, and system design • Align with Regional Assurance Hubs for localized regulatory implementation Key Deliverables • Fully implemented cryptographic proof-based compliance system • Tamper-proof, regulator-verifiable audit infrastructure • Proven end-to-end integrity guarantees for critical financial systems • Integration of cryptographic assurance into global Control Tower and audit frameworks

The Chief System Assurance Officer (CSAO) organization is responsible for establishing a Global Sovereign System Assurance Framework, ensuring that Ant International’s cross-border payment systems are intrinsically Visible, Controllable, Verifiable, Auditable, and Sustainable. The Head of Sovereign Cloud & Infrastructure will lead Ant International’s global sovereign cloud strategy, architecture, and control framework, ensuring that all public cloud deployments (including Alibaba Cloud and other providers) meet: • Data sovereignty and localization requirements • Regulatory compliance and auditability standards • Operational resilience and disaster recovery expectations • Cloud substitutability and exit readiness This role is the control owner for sovereign cloud architecture, ensuring that Ant International’s infrastructure is regulator-acceptable, resilient by design, and not dependent on any single provider. 1. Sovereign Cloud Architecture & Strategy • Design and enforce EU/UK sovereign cloud architecture aligned with regulatory expectations (e.g., DORA, GDPR) • Define and implement multi-cloud / hybrid-cloud strategy to ensure resilience and independence • Establish clear control boundaries between regions, systems, and cloud providers 2. Data Sovereignty & Localization • Implement data localization, residency, and jurisdictional control mechanisms • Ensure strict segregation of regulated data across EU/UK and other regions • Enable full visibility and control over cross-border data flows 3. Cloud Control & Compliance Enforcement • Act as control owner for cloud infrastructure compliance across Alibaba Cloud and other public cloud providers • Ensure cloud environments are audit-ready, traceable, and regulator-compliant • Embed compliance-by-design principles into infrastructure and platform engineering 4. Resilience, DR & Operational Continuity • Define and enforce global resilience architecture (Active-Active / multi-region design) • Ensure compliance with RTO / RPO requirements for critical financial systems • Lead disaster recovery planning, testing, and validation 5. Cloud Substitutability & Exit Strategy • Design and implement cloud exit strategies and portability mechanisms • Ensure workload portability across cloud providers (vendor independence) • Demonstrate regulator-acceptable substitutability capabilities 6. Global Coordination & Engineering Integration • Partner with Engineering, Security, Data, Risk, and Compliance teams • Align with Regional Assurance Hubs (EU / UK / US / APAC) for localized implementation • Integrate sovereign controls into DevSecOps and platform engineering practices Key Deliverables • EU/UK regulator-acceptable sovereign cloud architecture • Fully implemented data localization and control framework • Proven cloud exit and portability capability (tested and auditable) • Resilience architecture meeting Tier 0 financial infrastructure standards

1. Primarily you will be a very crucial part of the virtual team from Germany for public policy, regulatory affairs, compliance and issue management related to Vehicle Automation & Safety. You ‘sit’ in the regional office which needs a lot alignment between HQ and country offices but you will also ‘act’ in a timely manner to critical issues and sometimes liaise or lead unified programs and activities for the whole region in your domain. You need to collaborate closely with R&D, product planning, test and engineering, homologation, legal and compliance colleagues and external agencies. 2. One of the mandates for this position is to maintain a holistic analytical approach of policy and legislation development at both EU and UNECE levels related to Vehicle Automation & Safety in order to identify opportunities and risks. 3. Develop communication narratives and draft briefing materials and presentations, and advocate legislative, regulatory, and public policy positions in close collaboration with XPENG experts. Support XPENG’s mission of promoting a rapid transition to a much safer and securer advanced assisted driving and automated driving. 4. Being entrepreneurial, build and maintain healthy relationships with various external stakeholders including EU institutions, key member states’ governments, regulatory bodies, trade associations, and assess and explore potential local and regional business relationships and partnerships. Address external stakeholders’ expectations of XPENG in Europe and support steady growth of partnerships. 5. Participate in relevant events and represent XPENG in meetings and organize engagement activities. Explore and develop related collaborative projects.