Manager – Technology Governance & Data Privacy

The Technology Governance & Data Privacy Manager will be responsible to ensure data protection legislation compliance while ensuring the implementation of IDT policies, standards & procedures as well as technology governance matters. This candidate will mainly drive the implementation and execution of Decree No. 13/2023/ND-CP across departments, and serve as the main point of contact between stakeholders and data protection authorities. This candidate will also be assisting Head of Tech Risk Governance, and work closely with the Legal Division, in charting data privacy strategies to ensure full compliance with both the Decree on Personal Data Protection (Decree No. 13/2023/ND-CP) and Law On Cybersecurity Of Vietnam (Decree 53/2022/ ND-CP).

Data Privacy:

• Serve as the main point of contact within the organization for staff members, regulators, and relevant public authorities on issues related to data protection.
• Ensure that company policies are in compliance with codes of practice of Decree 13/2023 – Personal Data Protection.
• Evaluate the existing data protection framework to identify areas of no or partial compliance, and rectify any issues
• Devise training plans and provide data protection advice to staff members
• Inform and advise the data controller or data processor on all matters related to data protection
• Promote a culture of data protection and compliance across all units of the organization
• Provide expert advice and educate employees on important data compliance requirements
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders
• Deliver training across all business units to staff members who are involved in data handling or processing
• Conduct assessment to ensure compliance and to address potential issues
• Maintain records of all data processing activities of the company
• Serve as point of contact for data protection authorities

Technology GRC (Governance, Risk & Compliance):

• Provide governance, risk, and compliance data insights to drive improvement across IT system
• Plan the implementation of processes and procedures for the identification and assessment of risk in the organisation’s information system
• Manage risks and maintain risk register relating to information technology risk.
• Measure and monitor IT compliance
• Provide insights and recommendations on risk management to the executive team
• Act as an advisor to provide business stakeholder’s IT risk practice in order to follow technology standards & procedures.
• Develop technology policies, standards & standard operating procedures for IT systems to ensure compliance with corporate governance.

• 4 or more years of experience in data protection compliance, technology GRC or related field
• Expertise in data protection laws and practices, or any other regulatory compliance matters
• Experience in legal, big 4 firms, banking, financial insurance companies is a plus. 
• Ability to work effectively under pressure and to manage sensitive and confidential information
• Excellent verbal and written communication skills, with strong attention to detail
• Bachelor’s degree (or equivalent) in computer science, IT, MIS/BIS, information security, legal or related field.
• Hands-on experience in designing and implementing technology policies, standards & procedures or data privacy framework practices.
• Good knowledge of current and upcoming data privacy and cybersecurity laws in Vietnam.
• A collaborative self-starter who can work independently, and be comfortable in a high-growth, fast-paced and dynamic environment.
• Strong problem-solving skills; comfortable tackling complex problems and simplify business understanding into detail processes.
• Strong communication, facilitation, consensus-building and project management skills.
• Conceptual, practical thinking and implementation skills.