Detailed description

The successful candidate will be responsible for the following key performance areas:

• Facilitate the implementation of personal information (PI) measures as well as privacy tools, standards and procedures for the assigned business clusters to ensure the lawful processing of PI.
• Conduct impact assessments on existing processes and new projects for the assigned business clusters to identify compliance gaps and recommend remedial actions.
• Drive the implementation of remedial actions on existing processes and new projects for the assigned business clusters.
• Identify privacy training needs and gaps and facilitate relevant training within the assigned business clusters.
• Conduct and/or oversee audits on existing and new PI processes (including high-risk third parties) in the assigned business clusters, according to the priority agreed with the Data Protection Officer.
• Analyse data and identify patterns for the assigned business clusters and provide insights and recommendations to address any compliance gaps.
• Compile privacy reports for the assigned business clusters to the departmental management committees on compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).
• Ensure that any PI breaches are logged correctly by the assigned business clusters.
• Conduct the preliminary investigation in incident handling for any PI breaches, and coordinate and/or participate in problem identification, root cause analysis and recommendations to prevent future occurrences.
• Stay current with PI knowledge and skills to maintain professional expertise and relevant accreditation.
• Establish and maintain stakeholder relations (internal and external) for ensuring continued compliance with PI conditions.
• Keep abreast of industry developments and best practice and ensure the application thereof within own work.
• Facilitate the implementation of the third-party risk assessment framework to ensure that third-party contracts comply with PI conditions.

Job requirements

To be considered for this position, candidates must be in possession of:

• a Bachelor’s degree (NQF 7) in Compliance or Law or an equivalent qualification; 
• at least five to eight years of relevant work experience in data privacy and protection programme management, audit and/or compliance, practices, processes, risk management and technologies; and 
• at least five years of regulatory experience in the banking industry.