Information Security & Data Protection Officer

About Topicus

Meaning something for society, that is what drives us. Making an impact with IT. We think that's the most normal thing in the world, but it makes working at Topicus fundamentally different. Millions of people use our products every day. IT solutions that really benefit healthcare, education, the financial world and the social domain. Topicus Vietnam is a dynamic and rapidly growing International IT company committed to innovation and excellence.

About the Role

We are looking for an Information Security & Data Protection Officer to lead the company's data protection and information security practices. The primary focus of this role is ensuring that personal data is handled responsibly and in compliance with applicable PDPL privacy regulations.

You will establish governance processes, maintain data protection documentation, and work closely with internal teams and external legal advisors to ensure compliance across the organization.

Key Responsibilities

Personal Data Protection & Compliance

• Lead the company's compliance with PDPL.
• Maintain records of personal data processing activities.
• Identify and document how personal data is collected, processed, stored, and shared.
• Support preparation of required documentation and registrations related to data protection.
• Coordinate with external legal advisors on privacy-related matters.

Data Governance

• Develop and maintain internal data protection policies and procedures.
• Implement processes for handling personal data requests (access, correction, deletion).
• Support data classification and data retention policies.

Risk & Security Controls

• Ensure appropriate security measures are in place to protect personal data.
• Conduct security and privacy risk assessments for systems and vendors.
• Support implementation of security standards such as ISO/IEC 27001.

Incident Management

• Coordinate response to potential data breaches or security incidents involving personal data.
• Support internal investigation and reporting requirements.

Awareness & Training

• Organize internal awareness programs on data protection and security practices.
• Advise teams on best practices when handling personal or sensitive data.

Requirements

• Bachelor's or Master's degree in Information Security, IT, Law, or a related field.
• 5+ years of experience in information security, compliance, or data protection.
• Strong understanding of privacy regulations such as PDPL and the GDPR.
• Familiarity with security standards such as ISO/IEC 27001.
• Experience working with engineering or IT teams in a technology environment.
• Strong documentation and policy development skills.
• Good communication skills in English.

Nice to have:

• Certifications such as CISSP, CISM, CIPP/E, or ISO 27001 Lead Implementer.
• Experience with cloud environments and SaaS platforms.

Benefits

• Fixed 13th-month salary and performance bonus.
• Full salary during probation and full social insurance coverage.
• Hybrid working model with a good work-life balance.
• Premium healthcare (including annual health check-up).
• 16 days of annual leave per year.
• 5 paid sick leave days.
• Dynamic and international English-speaking working environment.
• Regular gatherings (happy hours, bimonthly dinners, social events, etc.).
• Annual company trip.
• Fully stocked pantry with coffee and snacks.
• Budget for team activities.
• Supportive and diverse work environment that promotes continuous learning.
• Opportunity for traveling and training in the Netherlands.