The Technology Governance & Data Privacy Manager will be responsible to ensure data protection legislation compliance while ensuring the implementation of IDT policies, standards & procedures as well as technology governance matters. This candidate will mainly drive the implementation and execution of Decree No. 13/2023/ND-CP across departments, and serve as the main point of contact between stakeholders and data protection authorities. This candidate will also be assisting Head of Tech Risk Governance, and work closely with the Legal Division, in charting data privacy strategies to ensure full compliance with both the Decree on Personal Data Protection (Decree No. 13/2023/ND-CP) and Law On Cybersecurity Of Vietnam (Decree 53/2022/ ND-CP).
Data Privacy:
- Serve as the main point of contact within the organization for staff members, regulators, and relevant public authorities on issues related to data protection.
- Ensure that company policies are in compliance with codes of practice of Decree 13/2023 – Personal Data Protection.
- Evaluate the existing data protection framework to identify areas of no or partial compliance, and rectify any issues
- Devise training plans and provide data protection advice to staff members
- Inform and advise the data controller or data processor on all matters related to data protection
- Promote a culture of data protection and compliance across all units of the organization
- Provide expert advice and educate employees on important data compliance requirements
- Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders
- Deliver training across all business units to staff members who are involved in data handling or processing
- Conduct assessment to ensure compliance and to address potential issues
- Maintain records of all data processing activities of the company
- Serve as point of contact for data protection authorities
Technology GRC (Governance, Risk & Compliance):
- Provide governance, risk, and compliance data insights to drive improvement across IT system
- Plan the implementation of processes and procedures for the identification and assessment of risk in the organisation’s information system
- Manage risks and maintain risk register relating to information technology risk.
- Measure and monitor IT compliance
- Provide insights and recommendations on risk management to the executive team
- Act as an advisor to provide business stakeholder’s IT risk practice in order to follow technology standards & procedures.
- Develop technology policies, standards & standard operating procedures for IT systems to ensure compliance with corporate governance.