Data Privacy and Protection Specialist – Sandton, Johannesburg

Gauteng, Full Time Deadline: Not specified

Purpose

To ensure the lawful processing of personal information in accordance with the data privacy and protection legislation and regulations that apply to FirstRand, including information management best practices that aim to provide an independent privacy compliance advisory, risk assessment and monitoring service to FirstRand segments and business units

Experience and Qualifications

Minimum Qualification – Bachelor's Degree in Law, Risk Management, Information Management, Computer Science or Auditing
Preferred Qualification – Bachelor's Degree in Law, Risk Management, Information Management, Computer Science or Auditing with CIPM and/or CIPP/E certifications
Experience – International Association of Privacy Professionals
Additional Knowledge – Strong knowledge of data privacy and protection laws, regulations, and best practices (includes the Protection of Personal Information Act and the General Data Protection Regulation)
Strong knowledge of the data privacy and protection control environment (i.e., controls that are required to ensure compliance with data privacy and protection laws and regulations) across privacy themes such as: third party/supplier privacy risk management, data privacy governance, embedding data privacy into business operations, privacy notices, processes and procedures relating to data subject rights, information security risk management and privacy incident/data breach management
Knowledge of compliance risk identification and assessment methodologies and processes
Experience in working with functional areas such as Information Security; Information Governance; Internal Audit and Compliance
Experience in privacy policy and framework development, including privacy risk identification, assessment, and reporting
Experience in providing thought leadership as it pertains to data privacy and protection
Experience in collaborating with industry bodies and engaging with Regulators
Experience in the development and rollout of data privacy and protection training and awareness interventions

Responsibilities

Identify and aggregate the privacy risk profile for FirstRand through the identification of underlying data privacy and protection risks and issues
Participate in planned activities that are appropriate for own development
Develop, encourage and nurture collaborative relationships across area of specialisation
Display and encourage an appreciation of teamwork and inclusivity
Compile reports that track progress and guide business to make informed decisions
Ensure development and continuous value add improvement to operational processes
Manage risks in own area of responsibility
Build working relationships across teams and functional lines to enhance work delivery, collaboration and innovation
Deliver customer experience excellence in own service delivery aligned to Organisational values and service standards
Provide input into the budget and manage and report on budget usage that reflects delivery of planned work within agreed parameters
Maintain and manage the existing privacy general awareness training interventions for FirstRand
Support the establishment of the Data Privacy and Protection Centre of Expertise or Excellence to deliver on its mandate and service areas by providing subject matter expertise services
Support the identification and rollout of targeted privacy training and awareness in the various FirstRand segments where required
Assist in establishing learning and development opportunities for the privacy compliance SMEs (subject matter experts) in the Data Privacy and Protection Centre of Excellence (CoE)
Support the establishment of the Data Privacy and Protection Centre of Excellence (CoE) including the advisory capability through its deployed privacy compliance SME structure, mapped business processes, documented decision matrices and the CoE engagement manual
Lead and support Regulator engagement and participate in industry engagements by providing the necessary leadership and support on various data privacy matters involving the Regulator, including but not limited to privacy incidents/breaches, responding to privacy complaints and drafting submissions on emerging privacy laws and regulations
Collaborate with industry bodies on various data privacy matters, which includes but is not limited to developing privacy codes of conduct and industry submissions on draft data privacy and protection laws and regulations
Provide a privacy compliance advisory service (concerning various data privacy and protection laws and regulations that apply to FirstRand) and engage with the relevant segments and business units in conjunction with their respective Data Privacy Officer/s and privacy compliance SME/s
Advise on and interpret the privacy compliance and control requirements emanating from data privacy and protection laws (e.g., the Protection of Personal Information Act, the General Data Protection Regulation) necessary for the lawful processing of personal information
Research local and global trends pertaining to data privacy and protection, identifying best practices and precedents relating to enforcement activities
Demonstrate thought leadership as it pertains to data privacy and protection risk and ensure that the risk exposure in this regard is understood
Support the FirstRand privacy governance, reporting processes and governance structures, including the FirstRand Data Privacy and Protection Committee.
Support the review of the data privacy and protection control environment by Group Internal Audit and Compliance Monitoring functions
Develop, review and/or amend the FirstRand Privacy Framework, Policies, Minimum Standards, Tools and Guidance Notes setting out the minimum compliance requirements across data privacy themes, which include but are not limited to: third party/supplier privacy risk management; data privacy governance; embedding data privacy into business operations (includes privacy-by-design; personal information retention and deletion; and legitimate interest assessments); privacy notices; processes and procedures relating to data subject rights, including the Promotion of Access to Information Act (PAIA) Manual; information security risk management; and privacy incident/data breach management