Job Summary
The main purpose of this position is to facilitate and ensure the implementation of privacy standards for the assigned business clusters and to provide specialist consultancy on privacy to business clusters
Detailed description
- Facilitate the implementation of personal information (PI) measures as well as privacy tools, standards
and procedures for the assigned business clusters to ensure the lawful processing of PI.
- Conduct impact assessments on existing processes and new projects for the assigned business clusters to identify compliance gaps and recommend remedial actions.
- Drive the implementation of remedial actions on existing processes and new projects for the assigned
business clusters.
- Identify privacy training needs and gaps, and facilitate relevant training within the assigned business
clusters.
- Conduct and/or oversee audits on existing and new PI processes (including high-risk third parties) in the assigned business clusters, according to the priority agreed with the Data Protection Officer.
- Analyse data and identify patterns for the assigned business clusters, and provide insights and
recommendations to address any compliance gaps.
- Compile privacy reports for the assigned business clusters to the departmental management committees on compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).
- Ensure that any PI breaches are logged correctly by the assigned business clusters.
- Conduct the preliminary investigation in incident handling for any PI breaches, and coordinate and/or
participate in problem identification, root cause analysis and recommendations to prevent future
occurrences.
- Stay current with PI knowledge and skills in order to maintain professional expertise and relevant
accreditation.
- Establish and maintain stakeholder relations (internal and external) for ensuring continued compliance
with PI conditions.
- Keep abreast of industry developments and best practice, and ensure the application thereof within own work.
- Facilitate the implementation of the third-party risk assessment framework to ensure that third-party contracts comply with PI conditions.
Job requirements
- Bachelor’s degree in Compliance or Law (NQF 7), or an equivalent qualification
- At least 3–5 years of relevant work experience in data privacy and protection programme management processes, practices, technologies, risk management, audit and/or compliance
- At least 5 years of regulatory experience in the banking industry