Head of ISO Compliance & Legal DIGI-TEXX VIETNAM

The main responsibility of a Head of ISO Compliance and Legal is to oversee and ensure regulatory compliance and legal throughout the organization. This role combines the responsibilities of both ISO compliance and legal functions, with a focus on upholding ethical and regulatory standards and managing legal risks, safeguarding the company’s interests[AT1] . In addition, as a Board of Management member, the Head of ISO Compliance and Legal provides strategic leadership, governance, and oversight to an organization. ISO COMPLIANCE: 60% - Regulatory Compliance: Overseeing compliance with specific regulations that apply to the BPO industry, such as data protection and privacy laws, ISO9000, ISO27000, labor laws, financial regulations, and any other applicable regulatory frameworks. Monitoring Implement QISMS (ISO9000, ISO 27000) in coordination with executive and mid-level management. - Policy and Procedure Development: Developing and implementing comprehensive compliance policies, procedures, and controls to ensure adherence to QISMS, GDPR requirements. This includes drafting and reviewing internal policies, codes of conduct, and compliance manuals. - Risk Assessment and Management: Identifying compliance risks associated with the company's operations, processes. Assessing the potential impact of these risks and developing strategies to mitigate them. - Internal Investigations: Conducting internal investigations in response to suspected violations of laws, regulations, or company policies. Ensuring thorough and impartial investigations, implementing corrective actions when necessary, and reporting findings to senior management. - Internal & External Audit Management: Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to stakeholders’ expectations. Conduct periodic compliance audits and assessments to evaluate the effectiveness of the compliance program and make necessary improvements. - Ethics and Governance: Promoting ethical behavior and ensuring compliance with the company’s governance principles. Providing guidance on ethical dilemmas and fostering a culture of integrity and accountability within the organization. - Training and Awareness: Conducting training programs and awareness campaigns to educate employees about ISO compliance requirements, promoting a culture of compliance throughout the organization. LEGAL: 40% - Legal Compliance: Ensuring the company's compliance with all relevant laws, regulations, and industry standards. This involves staying updated on legal developments, assessing their impact on the company, and implementing policies and procedures to maintain compliance. - Legal Advice and Counsel: Providing legal advice and guidance to senior management and other departments within the organization. This includes assessing the legal implications of business decisions, providing guidance on potential risks, and offering legal solutions to support business objectives. - Contract Management: Reviewing and negotiating contracts with clients, vendors, and partners to ensure legal compliance and protect the company's interests. Assessing contractual risks and advising on appropriate risk mitigation strategies. - External Relationships: Liaising with external legal counsel, regulatory authorities, and industry associations to stay informed about legal and compliance developments, seek guidance when needed, and represent the company's interests in regulatory matters. - Reporting and Documentation Management: Ensuring timely and accurate reporting to regulatory authorities as required. Maintaining accurate records, documentation, and reporting systems related to legal and compliance matters. Initiating license registrations, and renewal procedures in a timely manner.

- Bachelor's degree or related certificates (preferred Admission to Bar) - Minimum 5+ years-experience related to conducting risk assessment for information systems and/or operations. - Minimum 3+ years-experience leading industry standard (ISO 9000, ISO27001) audits from either side. - Strong knowledge of applicable privacy laws (Data protection, GDPR…)[AT1]  - Awareness of IT security and privacy principles, including data governance, cybersecurity, and incident response. - Experience supporting enterprise-wide Security Compliance programs designed to anticipate, assess, and minimize control gaps and audit findings. - Demonstrate knowledge of corporate law, commercial law, other relevant laws, and regulations, including country-specific laws. - Knowledge of software licensing, intellectual property protection, and technology contracts. - Thorough understanding of vulnerability management, penetration testing, and attack simulations. - Strong analytical and problem-solving skills to assess risks and develop appropriate strategies. - Excellent communication skills, both written and verbal, to effectively convey complex legal and compliance concepts to non-legal & non-compliance professionals. - Ability to influence and advise senior management on legal and compliance matters. - Strong leadership abilities to manage a team and collaborate with stakeholders across different departments. - Fluency in English