Description
To provide data privacy guidance, advice and support to business on data privacy matters; and to ensure requirements are met and risks are mitigated in accordance with applicable legislation and regulation.
Role Purpose
This role is within FNB Personal: Data Governance and Information Management. Its key function is to provide data privacy guidance, advice and support to business on data privacy matters and governance; and to ensure requirements are met and risks are mitigated in accordance with applicable legislation and regulation.
Key Responsibilities:
Design, review and enhance existing business processes that involve acquiring customer data, to ensure the necessary due diligence is followed in securing the data by designing privacy rules and processes within the technology applied.
Review existing and new customer set-up processes to identify gaps and recommend process enhancements to mitigate any threats to customer data.
Review and advise on appropriate solutions and controls by working with various providers to resolve data breaches.
Drive the implementation and adoption of Enterprise/Segment data privacy processes and capabilities (including protection risk assessments).
Advise and guide relevant areas with respect to high-risk data, ensuring it is managed appropriately and risks are mitigated.
Understand the flow of data across systems to ensure compliance and keep up to date with industry standards and collaborate with various stakeholders to align practices to legislation.
Demonstrate thought leadership as it pertains to data privacy and protection risk and ensure that the risk exposure in this regard is understood.
Research local and global trends pertaining to data privacy and protection, identifying best practices and precedents relating to enforcement activities.
Provide privacy awareness, training (process, tools, legislation, etc.) and guidance to relevant stakeholders as and when required.
Establish learning and development opportunities (knowledge sharing, best practice, etc.) for data privacy SMEs across the segment and business.
Support the FirstRand Data Privacy and Protection Centre of Excellence (CoE), reporting processes and governance structures, including the FirstRand Data Privacy and Protection Committee.
Support the review of the data privacy and protection control environment by Group Internal Audit and Compliance Monitoring functions.
Review and implement the FirstRand privacy framework, policies, minimum standards, tools and guidance notes setting out the minimum compliance requirements across data privacy themes, which include but are not limited to: third-party/supplier privacy risk management, data privacy governance, and embedding data privacy into business operations (includes privacy by design; personal information retention and deletion; various data privacy risk assessments).
Manage the execution of privacy notices within business processes and procedures relating to data subject rights, including the Promotion of Access to Information Act (PAIA) Manual.
Advise on and interpret the privacy and control requirements emanating from data privacy and protection laws (e.g., the Protection of Personal Information Act, the General Data Protection.
Provide a privacy advisory service (related to various data privacy and protection laws and regulations that apply to FirstRand) and engage with the relevant segments and business units in conjunction with peers and other relevant SMEs and stakeholders.
Provide input regarding privacy incidents and breaches and support in Regulator participation and engagement.
Review and provide input into the required privacy risk identification and assessment/evaluation measures.
Review and provide input into privacy risk appetite and privacy risk metrics/key risk indicators for the Group by supporting the implementation of these privacy risk metrics/key risk indicators.
Enhance and improve the privacy risk and issue surveillance and tracking of remediation within area of accountability, identify opportunities for business improvements, and recommend solutions to relevant areas and stakeholders.
Ensure customer and business operations implement suitable controls to limit data privacy incidents.
Provide oversight and monitor the lawful and ethical basis for processing of information (e.g. under POPIA) including Data classification (for PII, SPI, etc.), Data Privacy Assessments, Legitimate Interest Assessments.
Build working relationships across teams and functional lines to enhance work delivery, collaboration and innovation.
Minimum Requirements:
Minimum Qualification: Business related degree (e.g. BCom, Law, Risk Management, Compliance)
Preferred Qualification: Data Management or Data Privacy qualification will be advantageous
Experience: A minimum of 5-7 years Data Privacy and Protection experience, in managing and implementing data protection programs and processes at a senior level
Deep domain knowledge, interpretation, and application of Data Privacy Legislation within a corporate environment.
Relevant experience of Data compliance requirements and Enterprise risk management principles within Banking or the Financial services sector will be advantageous.
Strong knowledge and demonstrated practice of International Data Privacy Legislation.
Senior stakeholder management experience and chairing of relevant governance committees and forums.
Job Details
Application Closing Date
20/09/24
All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.