Senior Manager IT - Governance Risk and Compliance

SCOPE OF WORK

Lead IT GRC strategy across the Resort and digital platforms. Establish governance aligned with Vietnamese Cybersecurity Law and international best practice. Define IT policies, standards, and controls tailored to Resort operations. Ensure IT HOD has visibility of IT risk posture and compliance.

KEY RESPONSIBILITIES AND ACCOUNTABILITIES

• Lead enterprise IT GRC strategy across the Resort
• Establish governance aligned with Vietnam Cybersecurity Laws
• Ensure compliance with Personal Data Protection and Financial Data Protection
• Align frameworks with ISO 27001, NIST, COBIT, SOC2
• Define and enforce IT policies, standards, and control frameworks
• Lead enterprise IT & cybersecurity risk management program
• Identify, assess, and mitigate risks across the resort
• Maintain and report on enterprise risk register and treatment plans
• Conduct periodic risk assessments and control effectiveness reviews
• Ensure security and integrity of systems
• Manage risks related to Resort operations and process improvements
• Ensure compliance with gaming regulator IT audit requirements
• Support secure, compliant digital and customer-facing platforms
• Lead internal and external IT audits and regulatory inspections
• Ensure audit readiness and timely remediation of findings
• Maintain full documentation for compliance and licensing reviews
• Liaise with IT Head of Department for all key risks and remediation plans
• Ensure compliance with data localization, monitoring, and reporting requirements
• Oversee data governance, classification, retention, and access controls
• Manage cross-border data transfer compliance
• Ensure breach detection, response, and mandatory reporting obligations
• Manage third-party/vendor risk
• Enforce GRC requirements in contracts, SLAs, and onboarding processes
• Monitor vendor compliance with Vietnam cybersecurity regulations
• Partner with IT Security, SOC, and DevSecOps for integrated controls
• Govern cloud, infrastructure, and hybrid environment risks
• Oversee business continuity and disaster recovery planning
• Establish and track GRC KPIs, risk metrics, and executive reporting
• Promote strong risk-aware culture, training, and leadership across the organization

JOB REQUIREMENTS

• 5+ years of experience in IT Governance, Risk, and Compliance or Information Security
• At least 3–5 years in a leadership or senior management role
• Strong knowledge of Vietnam Cybersecurity Law and personal data protection
• Experience ensuring compliance with data localization and regulatory reporting requirements
• Familiarity with working with Vietnam regulators
• Proven experience with GRC frameworks (ISO 27001, NIST, COBIT, SOC 2)
• Hands-on experience managing IT audits, risk assessments, and compliance programs
• Experience maintaining risk registers and remediation plans
• Background in casino, hospitality, gaming, or regulated industries preferred
• Knowledge of third-party/vendor risk management practices
• Familiarity with Secure SDLC and DevSecOps integration
• Strong stakeholder management and executive communication skills
• Professional certifications preferred: CISSP, CISM, CISA, or similar