Data Privacy Officer

Job Description

To provide data privacy guidance, advice and support to business on data privacy matters; and to ensure requirements are met and risks are mitigated in accordance to applicable legislation and regulation.

• Review, enhance and (if required) design existing and new business processes that involve acquiring customer data, in order to ensure the necessary due diligence is followed in securing the data by designing privacy rules and processed within the technology applied.
• Review existing and new customer set-up processes to identify gaps and recommend process enhancements to mitigate any threats to customer data.
• Review processes, data exchange and systems within area of responsibility to identify potential data leakage to mitigate risks.
• In depth understanding of all systems that acquire, store and transfer customer data to ensure that the necessary controls are in place to secure data.
• Review and advise on appropriate solutions and controls by working with various providers to resolve data breaches.
• Drive the implementation and adoption of Enterprise/ Segment data privacy processes and capabilities (including protection risk assessments).
• Advise and guide relevant areas with respect to high-risk data, ensure it is managed appropriately and risks are mitigated.
• Understand the flow of data across systems to ensure compliance.
• Keep up to date with industry standards and collaborate with various stakeholders to align practices to legislation.
• Demonstrate thought leadership as it pertains to data privacy and protection risk and ensure that the risk exposure in this regard is understood.
• Research local and global trends pertaining to data privacy and protection, identifying best practices and precedence relating to enforcement activities.
• Provide privacy awareness, training (process, tools, legislation, etc.) and guidance to relevant stakeholders as and when required.
• Establish learning and development opportunities (knowledge sharing, best practice, etc.) for data privacy SMEs across the segment and business.
• Support the FirstRand Data Privacy and Protection Centre of Excellence (CoE), reporting processes and governance structures, including the FirstRand Data Privacy and Protection Committee.
• Support the review of the data privacy and protection control environment by Group Internal Audit and Compliance Monitoring functions.
• Review and implement the FirstRand privacy framework, policies, minimum standards, tools and guidance notes setting out the minimum compliance requirements across data privacy themes which includes but is not limited to:
• Third party/supplier privacy risk management;
• Data privacy governance;
• Embedding data privacy into business operations (includes privacy by- design; personal information retention and deletion; various data privacy risk assessments);
• Privacy notices;
• Processes and procedures relating to data subject rights, including the Promotion of Access to Information Act (PAIA) Manual;
• Information security risk management;
• privacy incident/data breach management.
• Advise on and interpret the privacy and control requirements emanating from data privacy and protection laws (e.g., the Protection of Personal Information Act, the General Data Protection.
• Regulation) necessary for the lawful processing of personal information.
• Provide input regarding privacy incidents and breaches and support in Regulator participation and engagement.
• Provide a privacy advisory service (related to various data privacy and protection laws and regulations that applies to FirstRand) and engage with the relevant segments and business units in conjunction with peers and other relevant SMEs and stakeholders.
• Review and provide input into the required privacy risk identification and assessment/evaluation measures.
• Review and provide into privacy risk appetite and privacy risk metrics/key risk indicators for the Group by supporting the implementation of these privacy risk metrics/key risk indicators.
• Enhance and improve the privacy risk and issue surveillance and tracking of remediation within area of accountability.
• Provide relevant reports to committees for informed decision making.
• Identify opportunities for business improvements and recommend to relevant area and stakeholders.
• Ensure customer and business operations implement suitable controls to limit data privacy incidents.
• Ensure timeous and accurate classification and reporting of privacy incidents.
• Provide oversight and monitor the lawful and ethical basis for processing of information (e.g. under POPIA) including Data classification (for PII, SPI, etc.), Data Privacy Assessments, Legitimate Interest Assessments.
• Participate in planned activities that are appropriate for own development.
• Develop, encourage and nurture collaborative relationships across area of specialisation.
• Build working relationships across teams and functional lines to enhance work delivery, collaboration and innovation.

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

13/11/24

All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.