The Technology Governance & Data Privacy Manager will be responsible to ensure data protection legislation compliance while ensuring the implementation of IDT policies, standards & procedures as well as technology governance matters. This candidate will mainly drive the implementation and execution of Decree No. 13/2023/ND-CP across departments, and serve as the main point of contact between stakeholders and data protection authorities. This candidate will also be assisting Head of Tech Risk Governance, and work closely with the Legal Division, in charting data privacy strategies to ensure full compliance with both the Decree on Personal Data Protection (Decree No. 13/2023/ND-CP) and Law On Cybersecurity Of Vietnam (Decree 53/2022/ ND-CP).
Serve as the main point of contact within the organization for staff members, regulators, and relevant public authorities on issues related to data protection.
Ensure that company policies are in compliance with codes of practice of Decree 13/2023 – Personal Data Protection.
Evaluate the existing data protection framework to identify areas of no or partial compliance, and rectify any issues
Devise training plans and provide data protection advice to staff members
Inform and advise the data controller or data processor on all matters related to data protection
Promote a culture of data protection and compliance across all units of the organization
Provide expert advice and educate employees on important data compliance requirements
Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders
Deliver training across all business units to staff members who are involved in data handling or processing
Conduct assessment to ensure compliance and to address potential issues
Maintain records of all data processing activities of the company
Serve as point of contact for data protection authorities
Technology GRC (Governance, Risk & Compliance):
Provide governance, risk, and compliance data insights to drive improvement across IT system
Plan the implementation of processes and procedures for the identification and assessment of risk in the organisation’s information system
Manage risks and maintain risk register relating to information technology risk.
Measure and monitor IT compliance
Provide insights and recommendations on risk management to the executive team
Act as an advisor to provide business stakeholder’s IT risk practice in order to follow technology standards & procedures.
Develop technology policies, standards & standard operating procedures for IT systems to ensure compliance with corporate governance.
Yêu Cầu Công Việc
4 or more years of experience in data protection compliance, technology GRC or related field
Expertise in data protection laws and practices, or any other regulatory compliance matters
Experience in legal, big 4 firms, banking, financial insurance companies is a plus.
Ability to work effectively under pressure and to manage sensitive and confidential information
Excellent verbal and written communication skills, with strong attention to detail
Bachelor’s degree (or equivalent) in computer science, IT, MIS/BIS, information security, legal or related field.
Hands-on experience in designing and implementing technology policies, standards & procedures or data privacy framework practices.
Good knowledge of current and upcoming data privacy and cybersecurity laws in Vietnam.
A collaborative self-starter who can work independently, and be comfortable in a high-growth, fast-paced and dynamic environment.
Strong problem-solving skills; comfortable tackling complex problems and simplify business understanding into detail processes.
Strong communication, facilitation, consensus-building and project management skills.
Conceptual, practical thinking and implementation skills.