Data Security and Privacy Manager at The Coca-Cola Company

The Data Security and Privacy Manager is responsible for ensuring enterprise-wide information security and data privacy and protection in CCBA. This employee ensures the security of information and data by designing strategies to ensure compliance with national and international laws and regulations and implementing a programme for CCBA to keep information safe.

The scope of this position focusses on aspects of Data Security and Privacy:

• Data Management Governance
• Data Classification Governance
• Data Privacy Management
• Data leaks and information security breaches
• Vendor Due Diligence
• Data Privacy Certification
• Legal compliance and regulatory adherence
• User Training and Communication

This employee works very closely with the leading Data Architect and other members of the Business insights and Data team to design and implement data management architectures and approaches. They contribute to design and planning of data classification structures and methods and develop required data classification policies and procedures. A key focus is to create privacy policies, establish operational procedures and controls, and builds programmes to ensure adherence to the policies.

They engage with internal and external legal experts to obtain opinions on policy requirements and adherence. This employee is also responsible for improving data privacy and information security awareness amongst all employees in CCBA. In this regard, they source, oversee the deployment and monitor the effectiveness of training and communication programmes. 

Key Duties & Responsibilities    

• Continuously staying up to date on data security and privacy laws, trends and issues, including current and emerging technologies, legislation and best practices.
• Advising and educating CCBA stakeholders on the relevance and impact of data privacy laws and recommending and implementing changes to CCBA policy and/or practice where appropriate.
• Following and keeping up to date with data and information security trends in data privacy management, solutions, and optimisation.
• Researching, evaluating, and advising on the adoption of data privacy and information security philosophies, regulations, solutions, and management approaches.
• Serving as the primary point of contact and acting as expert in advisor to the CCBA enterprise for new and existing security and privacy regulations and required controls.
• Analysing current internal data privacy and information security approaches, standards, and enforcement in CCBA.
• Identifying and analysing regulatory, industry and international requirements and standards for data privacy and information security.
• Monitoring and researching industry directives and legislation to identify leading practices for protecting CCBA data assets and for ensuring compliance.
• Creating a best practice strategy for CCBA future data privacy and information security management and adherence.
• Developing a gap analysis between the to be scenario and the current as-is situation and planning the remediation plan to realise the strategy.
• Developing roadmaps, plans and business cases to communicate planned initiatives and to obtain approvals through the Demand Management process.
• Continuously adjusting and updating the strategy, plans and budgets to ensure continuous relevance to evolving legislative, market, and industry requirements.
• Collaborating with the relevant departments in the development and implementation of appropriate information security and privacy policies, processes, and other resources, ensuring all resources meet applicable legislative and regulatory requirements.
• Regularly collaborating with the CISO to report on the company’s privacy posture to business leaders and department stakeholders.
• Leading the development and updates of data privacy and security policies to ensure the protection of corporate data against unauthorized use, access, modification, disclosure, and deliberate or inadvertent destruction.
• Developing required data security and privacy operating procedures, playbooks, and practices.
• Collaborating with relevant stakeholders and project teams to ensure privacy principles are embedded in architecture, infrastructure, and code.
• Setting up and maintaining a documentation library for data security and privacy-related procedures, playbooks, and practices.
• Leading efforts to obtain data privacy and security certification for CCBA for relevant national and international accreditation bodies.
• Designing reports and generating security, privacy, and compliance metrics that are meaningful and actionable.
• Taking ownership of and acting as the programme manager for the implementation of the data security and privacy solutions and practices across all technical and business solutions.
• Ensuring CCBA’s proactive compliance with all regulatory-mandated data security and privacy requirements including POPIA and GDPR.
• Verifying proper privacy controls and remediation initiatives are in place, where applicable.
• Raising awareness across CCBA of the importance of data security and data privacy through the creation and delivery of appropriate training and other awareness initiatives to CCBA team members and relevant third parties.
• Performing due diligence and compliance monitoring of relevant third parties to ensure that the CCBA’s data security and data privacy requirements are complied with.
• Planning milestones for deliverables and deployment of system functionality and creating a plan that visualises the timeline.
• Meeting regularly with senior level business stakeholders to identify, agree and understand dynamic changes to their business unit and functional strategies.
• Meeting regularly with the Corporate Information Security Office team members and his/her manager to report progress, raise issues and brainstorm solutions.

Skills, Experience & Education    
Qualifications:

The minimum qualification required for this position is a first degree in Information Technology, Computer Science, or Information Systems.

• A further degree would be an advantage.
• Certifications:  Six (plus ITIL) or more of the following:  
• Certified Information Privacy Manager (CIPM) 
• NIST Cybersecurity Framework (NCSF)
• COBIT5 Implementation
• COBIT5 Assessor
• Certified in Governance, Risk and Compliance (CGRC)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• BCS IT Governance & InfoSec Basis Practitioner
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• Certified Information Security Manager (CISM) 
• Certified Information Systems Auditor (CISA)
• Certified Information Privacy Technologist (CIPT)
• Cisco Certified Network Associate – Security (CCNA)
• Relevant vendor/equipment specific certification

Experience:

• 12 to 14 years general work experience with at least 6 years relevant experience in Information Security or IT Governance.

Closing Date: 13th, May 2022