Date: 2023-07-06

Data Privacy Analyst – Western Cape Cape Town

Job Purpose:

Support with implementing and integrating data governance & privacy practices, in line with regulatory requirements, across the Group to enhance privacy maturity, and ensure compliance with privacy laws and regulations when processing personal information.

Key Responsibilities:

IT Privacy Assessments:

Conduct and maintain privacy processes including data protection impact assessments (DPIA) and Data Processing Assessments (DPA)

Support the ongoing effort to update record of processing assessments (ROPA) for IT applications

Maintain records of processing activities (ROPA) and safeguards such as privacy by design, to ensure compliance with regulatory requirements (POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs)

IT Privacy Policies and Procedures:

Help mature policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles, and responsibilities) consistent with the risk strategy, to protect personal and sensitive data

Understand the current state of privacy maturity within and maintain measurement of the impact of the Privacy Program on maturity (NIST, ISO/IEC 29100:201, ISO27001, ISO27017, SOCI, SOCII, SOCII)

Personal Data Governance:

Implement and integrate data privacy and governance practices across the company to address regulatory compliance and protect sensitive information.

Facilitate the management and governance of personal data to protect individuals’ privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention) (NIST, ISO)

Third Party Privacy Assessment

Assess privacy posture of new vendors and detail associated privacy risks

Support the business on the details of Data Processing Agreements

GAP analysis of technical and organizational measures (TOMS)

Audit clause reviews

Sub processor risk analysis

SOCI, SOCII, SOx

Policies & Procedures Management:

Assist in the review and maintenance of the repository of IT policies and procedures.

Ensure IT policies and procedures are updated as and when required, while ensuring privacy impacts are considered (POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs)

Conduct and facilitate reviews of IT privacy controls based on standard methodologies and an understanding of technical infrastructure, IT & privacy risk and cyber security

Facilitate reviews of IT risk compliance work programs with technical teams

Carry out reviews to a professional standard

Issue agreed review finding reports

Facilitate the remediation process for gaps and weaknesses identified and for areas of improvement.

Evaluate the design and the effectiveness of current security controls from an IT Risk & Compliance perspective (NIST, ISO/IEC 29100:201, ISO27001, ISO27017, SOCI, SOCII, SOCII)

Cross competency collaboration:

Work with Legal Compliance on privacy matters relating to personal data processing

Collaborate with key business functions on IT privacy matters (Security, Legal, Procurement, HR, IT)

Assist with evidence provision and query response turnaround (POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs)

Ongoing Monitoring of the IT Compliance Program:

Ongoing monitoring of compliance with IT control & security requirements for designated systems

Assist with the remediation process for gaps / weaknesses identified (CobIT, SOx 404, ISO27001, ISO27018, ISO27017, ISO27005, ISO31000, NIST)

Assist with the review and monitoring of the IT privacy risk assessments & reviews

Assist with IT privacy risk assessments and reviews of people systems

Assist with monitoring & risk remediation programs with technical teams (IAPP, ISO27001, ISO27017, ISO27701, Region Specific Regulatory Requirements, GDPR, CCPA, POPIA, LGPD Brazil, SCCs)

Job Requirements:

Qualification(s):

University Degree (B.Sc. or equivalent) in Computer Science / Cyber Security / similar area

Privacy certification such as CIPP/E, CIPP/US or CIPM is a preference

Experience:

Defining policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles and responsibilities) consistent with the organisation’s risk strategy, to protect personal and sensitive information

Global privacy regulations – GDPR, POPIA, CCPA, LGPD – Core IT requirements required to address associated articles as outlined in the regulation.

Facilitating the management and governance of personal data to protect individuals’ privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention)

Implementation/maintenance of privacy processes such as data protection impact assessments (DPIA), records of processing activities (ROPA) and safeguards such as privacy by design to ensure compliance with regulatory requirements

Understanding the current state of privacy maturity within an organisation and maintaining measurement of the impact of the Privacy Programme on maturity

Implementing and integrating data privacy and governance practices across an organisation to address regulatory compliance and protect sensitive information

Working in a global organisation (preferably within the manufacturing and/or Data Governance & Privacy team) with stakeholders of varying seniority and a track record of navigating complex work environments

Technical Competencies:

Good attention to detail and strong documentation skills

Ability to manage several projects simultaneously

Ability to prioritise conflicting demands and work well under pressure

Desired Skills:

IT Privacy Assessment

IT Policies and Procedures Management

IT Compliance Management

Desired Qualification Level:

Degree

