Senior Manager - IP Regulatory Compliance.Corporate Services

1. Multi-disciplinary, multi-functional, multi-dimensional and multi-levelled operating environment.
2. Operate in diverse and dynamic environment, which applies to internal stakeholders, such as business units and external stakeholders, such as Audit and Regulatory Authorities.
3. Operate within the MTN SA-Context (organisation-wide inclusive of subsidiaries and additional legal entities).
4. Subject to legislative requirements and best practice.
5. Deadline driven with multiple risks and management of IP organisationwide stakeholders, internal team and deliverables.
6. Information Privacy implementation activities initiated should be in line with the organisational strategy, structure and policies and should contribute towards the execution of the strategy.
7. Implementation activities should be in line with the KPA’s of the Corporate Services Department. 
8. Highly dynamic and fluctuating Telecommunications industry.
9. Within the legal, regulatory and compliance environment of South Africa.

Task Complexity:

Develop Information Privacy strategy and governance

• Contribute to IP strategy and alignment of organisational practices
• Optimise and embed effective IP Governance Model and Frameworks
• Analyse global regulatory landscape for Information privacy trends
• Align IP requirements to GDPR and other relevant best practice standards 
• Optimise and enhance IP Engagement structure to implement and drive IP regulatory initiatives and mitigate risks
• Provide input to the updating of an IP Maturity Model
• Quality assurance of all IP outputs
• Work with multiple custodial functions to ensure regulatory directives understood, accepted and implemented
• Engage with the Information Regulator and share all new regulation developments

Manage IP governance and compliance

• Maintain and update IP policy, standards, guidelines
• Ensure regular IP Assessments conducted and consolidate reporting on this
• Maintain MTN IP position statement from PoPI requirements, interpretation and embedment in the organisation (get all relevant input from IP Operational team)
• Stay abreast and enforce current Information Privacy legislation, standards and best practices
• Continuously interpret and translate relevant regulatory requirements and implement into all relevant IP artefacts (policies, standards, guidelines, processes, tools, frameworks, notices, contracts, clauses, etc.)
• Support completion and evaluation of Third Party questionnaires
• Ensure commercial clauses and arrangements that govern privacy and data protection are consistently applied within the organisation
• Review Third Party and Supplier contracts to ensure PoPI clauses and IP requirements included
• Ensure alignment of IP requirements across business units and all additional legal entities
• Work closely / collaborate with custodial functions to ensure IP compliance and embedment 
• Provide input to Glossary from an IP perspective
• Manage Business Compliance with specified business units, manage monthly IP meetings and close out Remedial actions
• Collaborate with relevant custodial functions to ensure IP compliance and embedment 

Manage PI Incident Management

• Maintain and update PI Incident Management policy and all associated artefacts
• Provide input to PI Incident Management processes, tools 
• Manage PI Incidents
• Effectively manage all PI Incidents (Customer, Business, Third Party and Employee) 
• Manage the PoPI mailbox and communicate to all Data Subjects’ questions, queries, concerns and incidents
• Root cause analysis on identified PI Incidents
• PI Incident root cause analysis post mortem reporting
• Provide IP SME advice to manage complex PI Incident / Breach situations
• Draft responses and communication to data subjects in relation to breaches and complaints, objections and queries.
• Distribute all communication to Information Regulator and other required compliance bodies

Manage Consent Management

• Update and Manage all IP notices for (Customer, Employee, Third Party)
• Manage implementation of all IP notices
• Manage Supplier (procurement and third party) update and embedment of processes in the business
• Provide input to Direct Marketing artefacts and embedment in the business
• Conduct Third Party/Supplier evaluations and provide relevant feedback to Business Units
• Ensure adherence to the Supplier (procurement and third party) process in business

Educate the business on Information Privacy

• Educate the business on  regulatory requirements relating to all IP focus areas 
• Manage and oversee the education of business on relevant IP focus areas: IP Consent & Notice; Direct Marketing, PI Incident Management
• Manage the creation of relevant training material and roll out of these
• Become the go-to-person for business on all IP Regulatory matters

Monitor and report on Information Privacy 

• Ensure compliance risk assessments are conducted on a regular business 
• Provide input to IP compliance risks and mitigation plans
• Assist in the monitoring of the effectiveness of the Information Privacy practices (regulatory requirements)
• Report on root cause analysis of incidents
• Evaluation of Data Subject requests to conduct Trend Analysis
• Report to Information Privacy Compliance Council
• Develop reporting tools, optimize and maintain relevant reporting tools to ensure effective reporting on Information Privacy
• Monitor Information Regulator website, communication and all relevant correspondence in order to pro-actively participate in any communication opportunities with the Regulator 
• Reporting on Supplier onboarding 

Supervisory / Leadership / Managerial Complexity: 

• Be an effective role model for leadership behaviours, leading by example with a positive make-it-happen attitude.
• Support decisions publicly once they have been made.
• Build and enforce a customer centric approach. 
• Lead and manage employees to effectively and productively deliver against KPI’s and agreed milestones.
• Build employee relations and collaborative teamwork. 
• Communicate actively and effectively resolving any potential conflicts that may arise.
• Display insight into leadership style and how it impacts on performance positively and negatively.
• Have the self-insight and flexibility to adapt to different situations.
• Manage boundaries that separate units in order to optimise workflow.

Live the MTN Brand – change and influence employees behaviour

• Minimum of 4 year degree/diploma 
• LLB or equivalent commercial legal degree
• Fluent in basic command of English 

• Minimum of 4 years’ experience in area of specialisation (Information Privacy)
• Minimum of 6 years experience in supervising/managing others
• Experience in managing others’ deliverables, quality output, deadlines 
• Experience working in a corporate environment
• Worked across diverse cultures 
• Must have commercial legal experience. 
• Telco / similar industry experience is advantageous
• Experience in working within a team and across the organisation (able to multi-task and switch between the two)

• PoPIA and other related Privacy regulation knowledge
• Information Security knowledge preferable
• Data Privacy Certification
• Compliance / Regulatory training