Accountability:  Strategic direction & governance

• Provide Assistance in setting the Absa Group Limited data privacy strategy, as well as the privacy risk and control threshold for the Group.
• Assist in driving compliance to all Data privacy laws and regulations and address these requirements early on in new technologies.
• Develop and oversee the application of data privacy policies and standards for Absa Group Limited and maintain these on at least an annual basis.
• Enable compliance with data privacy regulations and foster a data protection culture within the organization.
• Proactively conduct data protection impact assessments for the Group’s products, projects, and processes.
• Provide SME guidance on Data Privacy Risk management with Business stakeholders and suppliers.
• Partner with Business and Technology to ensure data privacy issues are considered at the outset of new projects, products, and initiatives.
• Monitor the evolving data privacy regulatory landscape to keep visibility on trends, and best practices to adequately address current policies or standards.
• Inform and monitor the Absa Group Limited Data Privacy risk appetite and changes to it.
• Assist in the development and maintaining of an appropriate operating model to ensure that the data privacy policy requirements are implemented within the Business with adequate oversight from the Group Privacy Office.
• Assess the risk on all requests for dispensations, waivers, and breaches, and escalate to the Principal Risk Officer for consideration.
• Participate in investigations, reviews, approvals, incidents, and exceptions to address matters impacting the risk
• Assist in the development of the process for the identification and assessment of all severity 1-4 incidents within Absa Group Limited

Accountability:  Oversight & reporting

• Monitor compliance with data protection regulations and Group policies
• Continuous engagement with the various regulators and keeping up to date with data privacy regulations.
• Support the data incident response and data breach notification procedures
• Timeously validate and respond to data subject requests
• Assistance in overseeing data privacy incident and breach procedures and response, including investigation, documentation, reporting, maintenance of records, and the implementation of corrective action.
• Oversee the development and/or implementation of training on the policies and standards to deliver compliance and foster a data privacy culture.
• Review and make recommendations on the Key Risk Indicators submitted by Business.
• Oversee the gathering, collation, and aggregation of risk reporting; challenge inputs from Business and develop and report on an overall picture of the status of the Risk from a Group perspective.
• Assists in the management of and reporting on the status of data privacy risk to internal and, where relevant, external stakeholders, including regulatory bodies.
• Keep up to date and maintain the Group Risk Framework and identify and warn the business and the Compliance Executive Committee of emerging risks. Develop how those risks may be managed, by providing actionable intelligence.
• Promote and communicate the embedment of compliance throughout the organisation and oversee the development and implementation of high-quality compliance policies and standards
• Ensure adequate monitoring capability is incorporated into solutions to provide key risk metrics and indicators. This may include participation in designing and implementing systems of metrics to provide additional monitoring insight.

Accountability: Management and Leadership

• Develop the capability through internal and external networks, research, and tools to identify emerging risks and potential enhancement of the Risk Framework and Data Privacy Policy.
• Assist in the Developing and implementation of policies, procedures, and systems to ensure efficient and effective identification and assessment of Data Privacy risks
• Promote the cultural, behavioral, and organisational changes necessary within the business to achieve continuous improvement.

Accountability:  Stakeholder management

• Act as an ambassador with colleagues, regulators, and other stakeholders to establish a leading function within the organization.
• Be registered with relevant regulatory or professional bodies
• Advise stakeholders on the management of relevant data risks, by participating in product/project/change approval and review processes.
• Ensure that proactive and risk-based advice is delivered through effective partnership with others at all levels – the front office and other infrastructure functions.

Education and Experience Required:

• Degree in Commerce, Legal or Business or NQF Level 6 Equivalent
• (3 – 5) years’ experience in Compliance, Data Risk Management, Audit or Risk management

Knowledge & Skills: (Maximum of 6)

• Knowledge of Data Privacy Risk Management, Control, and Assurance (Level: Advanced)
• Knowledge of relevant local and international regulatory environments including data privacy (Level: Solid)
• Knowledge of data governance and risk governance frameworks (Level: Solid)
• Knowledge of Compliance best practices (Level: Solid)
• Strong leadership Skills (Level: Solid)
• Intellectual and analytical Skills (Level: Solid)
• Good verbal and written communication Skills (Level: Advanced)
• Conflict Management skills (Level: Advanced)
• Change Management Skills (Level: Solid)
• Sound judgment and strategic abilities (Level: Solid)

Competencies: (Maximum of 8 competencies)

• Analysing and executive business report writing
• Coping with pressures and setbacks
• Entrepreneurial and commercial thinking
• Deciding and initiating action
• Formulating strategies, policies, procedures, and concepts
• Leading and supervising
• Persuading and influencing
• Presenting and communicating information
• Relating and networking

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)