available

Last update: 10.02.2023

Data Protection, Compliance, Outsourcing Management, Operational Risk, Consulting

Graduation: not provided
Languages: German (Limited professional) | English (Full Professional) | French (Limited professional)

Attachments

20230111-Tien-Pham-CV-DP_100223.pdf

Skills

My background and experience are targeted at Data Protection, Cyber Security, Compliance, Outsourcing Management and Operational Risk, and would contribute to your esteemed organization’s regulatory compliance endeavours, goals and objectives.  
I graduated from the Netherlands’ Saxion University of Applied Science and hold an MBA from America’s Troy University. I have more than 10 years' experience in handling many of the aforementioned compliance topics, including:
• Doing regulations/practices research to build up strategy or to provide advice to ensure compliance with different laws;
• Building up the related compliance policies/procedures;
• Daily Compliance Monitoring Tasks;
• Ensuring the sound implementation of laws and regulations;
• Delivering awareness trainings;
• Developing compliance monitoring programs and preparing compliance reports;
• Implementing the related IT applications.
My previous experience (not only Data Protection but also AML Compliance, FATCA, CRS, Fraud Detection, OpRisk, Payment, Trade Finance, Consulting skills, IT skills) has greatly helped me sharpen my knowledge and communication skills and strengthen my ability to work in detail, all of which can be devoted fully, in a practical approach, to your organization’s solutions.
I look forward to meeting you to explore any opportunities/projects.

Project history

09/2019 - 02/2023
Data Protection Governance & Methodology
(Banks and financial services, 500-1000 employees)

Drafting Data Protection Policies, Procedures, Training Material. Designing and implementing GDPR Compliance Monitoring Program for 1st line of defense and 2nd line of defense.
• Reporting of residual risk and non-compliance within the Group based on DP controller activities and follow up of non-compliance and audit points until closing.
• Maintaining the correctness of Record of Processing Activities, IT Asset Inventory, Data Impact Analysis, Data Protection by Design & Default, Cookies Management.
• Managing Vendor Risk Management via Excel and the OneTrust tool. Implementing the OneTrust system for GDPR purposes, in line with outsourcing management.
• Implementing Group data breach inventory & methodology based on ENISA methodology. Managing Data Subject Requests for structured and unstructured data.
• Designing Data Protection Key Risk Indicators, measuring, monitoring using RCSA and reporting following the OpRisk & Risk Appetite of the Bank.
• Ensuring the GDPR awareness training for Subject Matter Experts, Function Heads, Project Managers.

02/2018 - 09/2019
Risk and Compliance Officer
(Banks and financial services, 10-50 employees)

* Maintaining current knowledge of laws and regulations, keeping
abreast of recent changes; Drafting and updating the compliance
policies and procedures.
* Developing the compliance work plan that reflects the institution's
risks, providing advice to the board of directors, senior
management on compliance matters.
* Independently acting on matters related to compliance, including
the approval of low and medium risk clients as part of our
approval process and the investigation and reporting of
suspicious activities and transactions.
* Developing, coordinating, and participating in an educational and
training program that focuses on the elements of the compliance
program.
* Drafting policies and procedures, implementing the risk
processes, tools and systems to identify, measure, manage,
monitor and report risks.
* Identifying and evaluating business areas' potential risks Key
Risk Performance Indicators, Risk & Control Self-Assessment
methodology. Performing root cause analyses on identified risk
events to give recommendation.

06/2015 - 11/2017
Senior Business Consultant
FICO Tonbeller

(Compliance Solution Provider)
* FATCA and Common Reporting Standard
* KYC Risk Assessment, Anti-money laundering
* Fraud Detection
Main Responsibilities
* Analyzing AEoI/OECD/FATCA/KYC/AML/Fraud Regulation,
White Papers;
* Making Best Practice Template in English (based on the
Regulation and the functionalities of Fico Tonbeller's IT
compliance solution) on word document and virtual machine. The
template includes: Short overview of regulator's requirements,
the scenarios, description of data delivery, system setting...;
* Discussing with customer on data supply delivery and adjusting
the Best Practice Template as customer's specification
documentation
* Designing scenarios in the compliance system based on the red
flags/indicators and data source of customers.
* Preparation on Training Material and Test/Examination
Questionnaires for Customer and Partner Training;
* Implementing the specification documentation as customer's
request on their Test Environment;
* Giving User Training at the customer site;
* Testing the effectiveness of settings, advising on the correction of
defects if any;
* Communicating with Technical consultant to make a work-around
solution for requirements which are beyond product's
standardization

VietinBank Vietnam and its overseas branches

10/2005 - 03/2015
Senior Risk & Compliance Manager
(Banks and financial services, 500-1000 employees)

fulfil Bafin's Requirements)
* Operational Risk Monitoring: Consolidate, investigate and
analyze loss incidents from incident reports submitted by other
departments; Report loss incidents, findings and recommended
action plan to general management and head office; Follow up
on feedback and implement action plan as per general
management's resolution; Approval of operational risk report;
Follow up with mitigation/intervention actions; Conducting
operational risk self-assessment ("ORSA") report based on
assessment and rating of risk events from all department
(excluding IT); Conducting operational risk quality assessment
("ORQA") report based on assessment and rating of operational
risk management for all department; Drafting/Reviewing
business continuity plan/instruction (Critical analysis, ad hoc
corrective action and recovery, training plan) through
coordinating with other departments; Coordinating with business
unit to drafting/reviewing new product, new market process
(evaluating feasibility, IT, Accounting, regulatory requirement, risk
assessment); Regularly reviewing all outsourcing services and
reporting related risk events for further actions
* Risk Inventory and Material Risk Assessment: Organizing survey
and conduct one-on-one interviews of meetings with head of
departments; Recording all potential material risk events in excel
tool; Consolidating all risk events and providing final table of
material risk; Approval of risk inventory; Organizing survey and
conduct one-on-one interviews of meetings with head of
departments
* Risk strategy: Updating the Risk Inventory to the Risk Strategy
(including Capital Planning); Drafting/Reviewing the risk strategy
in line with the business strategy for approval by Co-Directors;
Consolidate, Update, maintain and implement adjustments to risk
management system, including risk management documents
* Quarterly Consolidated Risk Reporting: Drafting operational risk
section (includes result of stress testing)
* Compliance Risk Monitoring: Developing, implementing and
maintaining a compliance management system; Monitoring and
coordinating day to day compliance activities of other
departments to identify, access, communicate and control noncompliance
risks or incidents; Providing reports, advice, guidance
on compliance matters to related parties within Branch;
Identifying potential areas of compliance vulnerability and risk,
following up on the actions plans; Tracking changes on regulation
and legislation; Conducting a training and communication
program

Local Availability

Open to travel worldwide