Focus: Vietnam privacy, data, compliance frameworks & ComplianceOne regulatory alignment
Location: Vietnam, HCMC or Hanoi preferred
Language: Fluent Vietnamese required; strong English required
Type: Sweat equity / partner-level role
Compensation: 1% equity, no base salary for first 6 months
Start: As soon as possible
About AesirX
AesirX builds first-party privacy, consent, analytics, and GRC technology.
Our core platform, AesirX ComplianceOne, is a Vietnam-ready GRC platform that helps enterprises and law firms move from legal advice and policy documents into operational compliance, technical evidence, workflows, audit trails, and regulator-ready governance.
Our stack includes:
AesirX ComplianceOne - GRC workflows, evidence packs, regulatory frameworks, audit trails, DPIA/DTIA support, DSR/DSAR handling, vendor governance, and operational compliance management.
AesirX CMP - first-party consent-before-tracking enforcement.
AesirX Analytics - first-party analytics for compliant marketing, UX insights, and behavioral data governance.
Privacy Scanner / Privacy Monitoring / Privacy Review - technical privacy evidence services used to identify website tracking, third-party data flows, pre-consent risks, and remediation needs.
We are now scaling in Vietnam and building our local leadership team.
The Role
We are looking for a Head of Legal & Compliance - Vietnam to become the legal and regulatory anchor for AesirX in the Vietnamese market.
This role is ideal for someone who understands Vietnam’s fast-moving privacy, data protection, cybersecurity, AI, telecom, e-commerce, and sectoral regulatory landscape - and wants to work closely with our team to translate legal requirements into practical solutions that enterprises, DPOs, law firms, and compliance teams can rely on.
Your mission is to make sure AesirX ComplianceOne is not just commercially attractive, but legally precise, locally credible, and trusted by serious partners.
What You’ll Own
1. Vietnam regulatory framework ownership
You will be responsible for helping AesirX maintain accurate Vietnam regulatory coverage across:
- PDPL 91/2025/QH15
- Decree 356/2025/ND-CP
- Data Law 60/2024/QH15
- Cybersecurity Law and implementing rules
- Telecom Law and sector-specific data obligations
- E-Commerce Law / platform obligations
- AI Law / AI governance requirements
- Banking, fintech, insurance, education, healthcare, HR, and telecom overlays where relevant
You do not need to know every detail on day one, but you must be comfortable reading laws, decrees, circulars, official guidance, and translating them into practical obligations.
2. ComplianceOne legal framework mapping
You will help map Vietnamese legal requirements into ComplianceOne workflows, evidence packs, and platform logic.
This includes:
- Regulatory obligation mapping
- DPIA / DTIA / transfer assessment logic
- DSR / DSAR process requirements
- Consent and sensitive-data handling
- Vendor and processor governance
- Incident and breach workflow requirements
- Audit evidence requirements
- Law-firm and DPO operating needs
- Sector-specific compliance modules
The goal is to ensure that ComplianceOne reflects the actual work law firms, DPOs, compliance officers, and enterprises must perform in Vietnam.
3. Legal review of AesirX materials
You will review and help localize AesirX’s Vietnam-facing materials, including:
- Law firm partner decks
- Enterprise sales decks
- ComplianceOne one-pagers
- Privacy Review reports
- Website and LinkedIn content
- Vietnamese-language collateral
- Regulatory summaries
- Partner training materials
- Customer-facing legal/compliance explanations
AesirX’s brand is “no-bullshit compliance”. We do not overstate, invent, exaggerate, or make claims we cannot defend in front of regulators, law firms, banks, or enterprise clients.
Your role is to help keep that standard.
4. Law firm and partner support
AesirX works closely with law firms, consultancies, SIs, and other partners.
You will help:
- Support law-firm partner discussions
- Join partner briefings where legal/compliance depth is required
- Help explain how ComplianceOne supports legal advisory work
- Ensure AesirX complements law firms rather than competing with them
- Help structure practical cooperation models around Privacy Reviews, CMP, Monitoring, ComplianceOne, and evidence packs
- Support partner enablement content in Vietnamese
This is not a traditional law-firm role. You are helping build the technical compliance layer that law firms can trust.
5. Customer and enterprise compliance support
You may support commercial meetings where the buyer needs regulatory confidence, especially with:
- Banks
- Telcos
- FDI companies
- E-commerce platforms
- International schools
- HR-heavy companies
- Manufacturers and exporters
- Large enterprise groups
- Public-sector adjacent organizations
Your role is not to provide formal external legal advice unless separately agreed. Your role is to explain how AesirX maps legal requirements into operational controls, workflows, and evidence.
6. Internal legal and compliance governance
You will help AesirX stay clean and structured internally as we scale in Vietnam.
This may include:
- Reviewing partner terms and LOI structures
- Supporting customer contract language
- Reviewing local risk around reseller / referral / white-label models
- Helping define boundaries between AesirX technical compliance services and law-firm legal advisory services
- Supporting data protection and compliance policies for AesirX Vietnam operations
- Helping build a documentation culture around legal accuracy
What Success Looks Like
First 90 days
- Fully onboarded into AesirX ComplianceOne, CMP, Analytics, Privacy Scanner, Monitoring, and Privacy Review.
- Review and improve VN law firm partner deck and enterprise deck.
- Produce or validate a Vietnam regulatory framework map for ComplianceOne.
- Support at least 3-5 law firm / partner conversations.
- Review first Vietnamese-language materials for accuracy.
- Help define legal/compliance boundaries for partner, reseller, referral, and white-label models.
First 6 months
- Vietnam regulatory framework coverage inside ComplianceOne is materially stronger.
- AesirX has credible Vietnamese-language regulatory content for law firms, DPOs, and enterprises.
- Law firm partners trust AesirX as a technically strong and legally careful partner.
- ComplianceOne workflows are aligned with Vietnam’s operational compliance needs.
- Sales and partner materials are legally accurate and commercially usable.
- AesirX has a clear “legal advisory vs technical compliance layer” position in Vietnam.
First 12 months
- AesirX is recognized as one of the strongest technical compliance platforms for PDPL, Decree 356, Data Law, and related Vietnam data-governance obligations.
- ComplianceOne supports practical workflows for law firms, DPOs, enterprises, and regulated sectors.
- Vietnam becomes a model market for SEA expansion.
- The Head of Legal & Compliance becomes a key internal authority for Vietnam regulatory strategy.
Who You Are
You may come from:
- A law firm
- In-house legal / compliance
- Data protection / privacy consulting
- Risk / compliance advisory
- Banking / fintech / telecom compliance
- Public policy / regulatory advisory
- GRC / cybersecurity / data-governance consulting
You likely have:
- 5+ years of legal, compliance, privacy, risk, regulatory, or data-protection experience.
- Strong understanding of Vietnamese law and regulatory interpretation.
- Fluent Vietnamese and strong English.
- Ability to read, interpret, summarize, and operationalize legal texts.
- Comfort working with technical founders, product teams, and commercial teams.
- Interest in privacy tech, RegTech, GRC, AI governance, cybersecurity, and data compliance.
- Strong writing skills in Vietnamese.
- Ability to explain legal requirements in practical business language.
You do not need to be a software engineer.
You do need to be comfortable learning how technical systems collect, store, process, transfer, and prove data handling.
What We Do Not Need
This is important.
We are not looking for someone who only wants to write memos.
We are not looking for someone who wants a traditional corporate legal job.
We are not looking for someone who avoids ambiguity.
We are not looking for someone who needs a full team and fixed salary from day one.
We need someone who wants to help build a new category in Vietnam:
Technical compliance infrastructure for privacy, data governance, consent, evidence, and operational GRC.
Compensation & Structure
This is a high-ownership, sweat-equity role.
Equity
- 1% equity / stock options
- Earned through the first 6-month sweat-equity period
- Subject to formal option agreement and vesting terms
Base salary
- No base salary for the first 6 months
- The first 6 months are the earn-in period for equity and proof of role fit
- Base salary may be introduced after month 6 depending on revenue traction, funding, and performance
Commercial upside
This is primarily a legal/compliance leadership role, not a sales role. However, if you directly originate or materially support revenue-generating legal/compliance partner deals, a commission or success-based bonus can be discussed case by case.
Reporting & Collaboration
You will work directly with:
- Founder / CEO
- Chief Commercial Officer
- Vietnam Country Manager once hired
- Product / engineering team
- Law firm partners
- Enterprise customers and DPO stakeholders
You will be one of the key people ensuring that AesirX scales in Vietnam with legal accuracy, credibility, and trust.
How to Apply
Send an email with the subject:
Head of Legal & Compliance Vietnam - [Your Name]
to: ronni@aesirx.io
Please include:
- Short introduction
Who you are, your legal/compliance background, and why AesirX interests you.
- Relevant experience
2-3 examples where you worked on privacy, data, compliance, risk, cybersecurity, AI, telecom, banking, or regulatory matters in Vietnam.
- Vietnam regulatory view
In 1-2 pages, explain what you believe Vietnamese enterprises will struggle with most under PDPL, Decree 356, and the Data Law.
- Practical test
Pick one example use case, such as website tracking, DSR/DSAR handling, cross-border transfer, vendor governance, or DPIA. Explain:
- What the legal obligation is
- What the company must operationally do
- What evidence the company should keep
- How a platform like ComplianceOne could support that process