Job Purpose:
Support with implementing and integrating data governance & privacy practices, in line with regulatory requirements, across the Group to enhance privacy maturity, and ensure compliance with privacy laws and regulations when processing personal information.
Key Responsibilities:
IT Privacy Assessments:
- Conduct and maintain privacy processes including data protection impact assessments (DPIA) and Data Processing Assessments (DPA)
- Support the ongoing effort to update record of processing assessments (ROPA) for IT applications
- Maintain records of processing activities (ROPA) and safeguards such as privacy by design, to ensure compliance to regulatory requirements POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
IT Privacy Policies and Procedures:
- Help mature policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles, and responsibilities) consistent with the risk strategy, to protect personal and sensitive data
- Understand the current state of privacy maturity within and maintain measurement of the impact of the Privacy Program on maturity NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII
Personal Data Governance:
- Implement and integrate data privacy and governance practices across company to address regulatory compliance and protect sensitive information.
- Facilitate the management and governance of personal data to protect individuals’ privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention) NIST, ISO
Third Party Privacy Assessment
- Assess privacy posture of new vendors and detail associated privacy risks
- Support business on details Data Processing Agreements
- GAP analysis of technical and organizational measures (TOMS)
- Audit clause reviews
- Sub processor risk analysis
- SOCI, SOCII, SOx
Policies & Procedures Management:
- Assist in the review and maintenance of the repository of IT policies and procedures.
- Ensure IT policies and procedures are updated as and when required, while ensuring privacy impacts are considered. POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
- Conduct and facilitate reviews of IT privacy controls based on standard methodologies and an understanding of technical infrastructure, IT & privacy risk and cyber security
- Facilitate reviews of IT risk compliance work programs with technical teams
- Carry out reviews to a professional standard
- Issue agreed review finding reports
- Facilitate the remediation process for gaps, weaknesses identified and areas of improvement.
- Evaluate the design and the effectiveness of current security controls from an IT Risk & Compliance perspective NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII
Cross competency collaboration:
- Work with Legal Compliance on privacy matters relating to personal data processing
- Collaborate with key business functions on IT privacy matters (Security, Legal, Procurement, HR, IT)
- Assist with evidence provision and query response turnaround POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs
Ongoing Monitoring of the IT Compliance Program:
- Ongoing Monitoring of compliance to IT control & security requirements for designated systems
- Assist with the remediation process for gaps / weaknesses identified CobIT, SOx 404, ISO27001, ISO27018, ISO27017, ISO27005, ISO31000, NIST
- Assist with the review and monitoring of the IT privacy risk assessments & reviews
- Assist with IT privacy risk assessments and reviews people systems
- Assist with monitoring & risk remediation programs with technical teams IAPP, ISO27001, ISO27017, ISO27701, Region Specific Regulatory Requirements, GDPR, CCPA, POPIA, LGPD Brazil, SCCs
Job Requirements:
Qualification(s):
- University Degree (B.Sc. or equivalent) in Computer Science /Cyber Security/similar area
- Privacy certification a preference such as CIPP/E, CIPP/US, CIPM
Experience:
- Defining policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles and responsibilities) consistent with the organisation’s risk strategy, to protect personal and sensitive information
- Global privacy regulations – GDPR, POPIA, CCPA, LGPD – Core IT requirements required to address associated articles as outlined in the regulation.
- Facilitating the management and governance of personal data to protect individuals’ privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention)
- Implementation/maintenance of privacy processes such as data protection impact assessments (DPIA), records of processing activities (ROPA) and safeguards such as privacy by design to ensure compliance to regulatory requirements
- Understanding the current state of privacy maturity within an organisation and maintaining measurement of the impact of the Privacy Programme on maturity
- Implementing and integrating data privacy and governance practices across an organisation to address regulatory compliance and protect sensitive information
- Working in a global organisation (preferably within the manufacturing and/or Data Governance & Privacy team) with stakeholders of varying seniority and a track record to navigate through complex work environments
Technical Competencies:
- Good attention to detail and strong documentation skills
- Ability to manage several projects simultaneously
- Ability to prioritise conflicting demands and work well under pressure
Desired Skills:
- IT Privacy Assessment
- IT Policies and Procedures Management
- IT Compliance Management
Desired Qualification Level:
- Degree