1/ Job Purposes:The Data Protection and Security Manager is responsible for safeguarding the organization’s sensitive data and ensuring the security and compliance of its information systems. This role combines strategic oversight of data protection initiatives and information security management, ensuring compliance with global data protection regulations (e.g., GDPR) and ISO standards (27000 series). The manager will lead the development, implementation, and maintenance of data protection policies, security measures, and response protocols, ensuring the organization's data handling practices are secure, efficient, and compliant with relevant laws. Act as the primary point of contact for both internal and external business partners on all data protection and Security-related topics.(As required) Officially registered Data Protection Officer per country entity; Operational responsibility on country/legal entity level to advise, audit, train and investigate data protection and Security issues.2/ Main Accountabilities:2.a/ Data Protection and Security Management System:Develop and implement country-specific Data Protection and Security procedures and guidelines in alignment with Regional/Global Data Protection and Security frameworks.Ensure compliance with local and international data protection laws, regulations, and industry standards.Conduct regular audits of data handling practices, retention policies, and security measures to ensure adherence to legal obligations.Work closely with legal and compliance teams to stay updated on changes to data protection regulations and to ensure alignment across the organization.Lead the development, implementation, and continuous improvement of the organization’s Information Security Management System (ISMS).Conduct risk assessments and vulnerability analyses to identify and mitigate security threats and weaknesses in the organization's infrastructure.Ensure the organization’s systems and networks are protected against internal and external security threats.Oversee incident response plans, ensuring quick and effective management of data breaches, cyberattacks, or other security incidents.2.b/ Internal Training and Awareness:Design, manage, and deliver regular security and data protection training programs tailored to different employee levels.Promote a culture of security awareness, ensuring all employees understand their role in safeguarding personal data and sensitive information.Provide guidance on privacy practices, secure data handling, and ensuring compliance with data protection laws and customer requirements.2.c/ Vendor and Third-Party Risk Management:Assess and manage data security risks posed by third-party vendors and service providers.Ensure contracts with third parties include adequate data protection clauses and that third-party services comply with security standards.Monitor and audit third-party data handling practices to ensure compliance with organizational data protection policies.3/ Process: Develop the data protection process to advise both internal and external business partners
4/ People Management:Lead cross-functional teams and collaborate with internal and external business partners to drive the data protection and security agenda, ensuring compliance with relevant data protection laws and the DPDHL Data Privacy Policy.Maintain professional relationships with Senior Management and Local Authorities on matters related to Data Protection and Security.5/ Requirements:Minimum of 5 years of experience in data protection, cybersecurity, or information security rolesRelevant management experience in an Asian country, preferably VietnamBachelor's degree in Information Security, Computer Science, or a related field.Experience working with Data protection laws (e.g., GDPR, local regulations) and Information Security frameworks (e.g ISO 27001, NIST)Experience in managing incident response, risk management, and audits.Strong understanding of data protection laws, cybersecurity threats, and industry standards.Familiarity with data encryption, firewalls, antivirus solutions, and other information security tools.Good presentation, communication and management skillsAbility to work collaboratively across teams (legal, compliance, IT, etc.) to ensure holistic data protection and security practices.Fluent in English verbal/written communication6/ Working Location: 11th Floor, Etown 2 Building, 364 Cong Hoa Street, Ward 13, Tan Binh District, HCMC