Manager - Information Privacy Compliance.Corporate Services

Task Complexity: 
Implement Information Privacy practices  
•    Work closely with Information Privacy Champions and Functional Unit Heads to implement and drive Information Privacy initiatives, ensure reporting and mitigate risks 
•    Continuously improve and implement IP practices  
•    Implement an effective Data Subject Participation process 
•    Ensure integration of information security controls and requirements 
•    Implement an effective Incident & Breach Management process 
•    Assist with the implementation of Direct Marketing Policy, Guideline and practices across the business 
•    Maintain an inventory (PI Inventory) of the location of key personal data storage and information flows with defined classes of personal data 

Educate the business on Information Privacy 
•    Continuous implementation of Information Privacy initiatives: 
•    Awareness; Induction; Campaigns, Training, Communication •     Educate the business on all Information Privacy focus areas: 
•    Information Privacy Governance; IP Consent &Notice Incident & Breach Management; Data Subject Participation, IP Culture; Data Protection Controls; Personal Information Records Management •     Maintain Y’elloworld Repository & SharePoint site 

Manage Information Privacy business compliance 
•    Be an Information Privacy subject matter expert to business 
•    Consult, support business and create report(s) on all Business Compliance Assessments 
•    Work closely / collaborate with custodial functions to ensure IP compliance and embedment 

• Ensure implementation of IP data protection controls 
•    Assess data protection controls  
•    Identify data protection gaps

•    Manage and monitor gaps 
•    Maintain an effective Data Subject Participation process 
•    Maintain an effective PI Incident & Breach Management process 
•    Maintain direct marketing business compliance 
•    Assist in management of customer consent preferences (process)  
•    Maintain a Personal Information inventory of the location of key personal data storage or personal data flows with defined classes of personal data. 
•    Consult on all projects to ensure Privacy By Design guidelines are adhered to 
•    Support the enforcement of Information Privacy governance, structures, policies, standards, procedures, guidelines and processes 

Monitor and report on Information Privacy 
•    Monitor and create report(s) on Business compliance and IP maturity 
•    Reporting to appropriate governance / compliance councils and committees 
•    Monitor, report on and mitigate IP engagement initiatives 
•    Conduct regular business compliance risk assessments 
•    Implement, monitor and measure the effectiveness of the Information Privacy practices.  
•    Regular reporting and presentations to the Information Privacy Officer, Information Officer and Deputy Information Officers on privacy business compliance matters 

Regulatory Tasks

•    Achieving compliance to POPIA implemented process on POPIA impact supply chain activities.
•    Process and Evaluations – All third-party supplier evaluations are completed prior to contracting. 
•    Ensuring compliance of exceptional sourcing process into business areas that are not centrally managed via Procurement. Ensuring sourcing notifications from CLM are addressed. 
•    Revise and publish customer notice and POPIA Act Manual. 
•    Monitoring incidents and breaches relating to consent preferences ensuring that a managed process exists relating to direct marketing consent and third parties. 
•    Conduct Reviews on RDS’S from a contractual, third party and POPI Act compliance perspective.
•    Support internal and external stakeholders, e.g., EBU, CBU, Digital and Marketing and meet with third parties to resolve issues. 
•    Draft letters to data subjects, Information Regulator and DMASA on requests, complaints, incidents and breaches
•    Ensure reduction of Incident and Breach exposure
•    Report on material complaints, DSR, incidents and breaches and ensure containment and remedial exposure mitigated within reasonable time.
•    Support business imperatives driven by team via Information Compliance Council.
•    Support Information Privacy Champion initiatives where required.
•    Enforcement of Information Privacy and associated policies and guidelines, Incident and Breach management standard and guidelines, and Direct Marketing policy and guidelines.
•    Enforcement of dashboard and reports on Incident & Breach, and Data Subject Participation solution. 
•    Ensure POPIA processes are implemented and working on high POPIA impact supply chain activities for procurement and business areas conducting their own sourcing.
•    Review and recommend improvements on sourcing and third-party processes and operational matters.
•    Reviewing of critical projects / contracts
•    Continuous support provided to internal and external stakeholders via POPI mailbox. Ensure reporting is done accurately
•    Assist with Breach and incident escalations from business.
•    Approval of training material, e.g., DSR, incident and breach, etc.
•    Monitor, review and communicate the regulatory posts and ensure updates from the IR website are monitored and communicated.

Additional MTN detail, not specific to the role: 
Project Management  
•    Develop and drive the execution of agreed projects  
•    Drive the implementation, tracking, monitoring and compliance of Projects 
•    Contract management in line with Procurement Policies 
•    Co-ordinate project reporting 
•    Ensure effective implementation of the integrated project management model  
•    Risk management 

 

Business Analysis 
•    Perform Business Analysis MTN SA Business Analysis in line with the methodology and guidelines 
•    Identify ways to fine tune policies, processes and systems in line with changing work practices 
•    Determine, document, and review requirements for projects within the scope of the value stream or impacting processes and systems  
•    Design, Analyse and document workflow and make appropriate recommendations that will positively impact operational effectiveness 
•    Identify Business Improvement and Optimization opportunities that will result in improvement of process performance  
•    Ensure that benchmarking is conducted with other companies and organizations within and outside the industry.  
•    Construct business cases for initiations proposed by the business. Research and consider best practice, local conditions, trends, as well as competitor activity 
•    Identify and implement innovative ways to use minimum resources to achieve maximum outputs  
Supervisory / Leadership / Managerial Complexity:   
•    Be an effective role model for leadership behaviors, leading by example with a positive make-it-happen attitude. 
•    Support decisions publicly once they have been made. 
•    Build and enforce a customer centric approach.  
•    Build employee relations and collaborative teamwork.  
•    Communicate actively and effectively resolving any potential conflicts that may arise. 
•    Display insight into leadership style and how it impacts on performance positively and negatively. 
•    Have the self-insight and flexibility to adapt to different situations. 
•    Manage boundaries that separate units in order to optimize workflow. 
•    Live the MTN Brand – change and influence employees' behavior.   
 

Education 
•    Minimum of 3 year degree/diploma  
•    Fluent in basic command of English   
Experience: 
•    Minimum of 5 years’ experience in area of specialization (Information Privacy); with experience in supervising/managing others,  
•    Experience working in a medium to large organization 
•    Telco & IT experience will be advantageous  

Training:  
•    Business Risk & Compliance Assessment/ Management 
•    Records/ Documentation Management 
•    Industry Knowledge  
•    POPIA knowledge 

Other: 
•    Decision-making 
•    Influencing 
•    Astute Communication 
•    Analytical thinking 
•    Systematic thinking 
•    Problem solving 
•    Simplification 
•    Relationship building 
•    Content and experience knowledge 
•    Conscientiousness 
•    Assertiveness and tenacity 
•    Planning and Organising 
 

 

About MTN South Africa

Launched in 1994, MTN South Africa is a subsidiary of MTN Group, a leading emerging market operator with a clear vision to lead the delivery of a bold new digital world to our customers. We are inspired by our belief that everyone deserves the benefits of a modern connected life. The MTN Group is listed on the JSE Securities Exchange in South Africa under the share code ‘MTN’. Our strategy is Ambition 2025: Leading digital solutions for Africa’s progress.