Privacy Specialist - Johannesburg at Nedbank

Job Purpose

• To provide privacy expertise and guidance to stakeholders on the protection of personal information to ensure compliance to relevant legislation and to mitigate risks.

Job Responsibilities

• Provide oversight to the Nedbank Group on day to day privacy activities across all Clusters including international subsidiaries (where required)
• Provide expert advice on all aspects of the protection of personal information. Set up frameworks, policy documents and practices for the protection of personal information across Nedbank and its subsidiaries in response to legislative requirements.
• Ensure that Privacy risks and issues are identified, escalated and appropriately managed
• Compile reports, for submission to all the respective committees and regulatory bodies I.e Executive Committees, Information Regulator, Banking Association of South Africa etc. 
• Draft standards, procedures and guidelines to assist Clusters to comply with the Group Privacy requirements 
• Direct Clusters on the requirements for responding to Access Requests and provide guidance to ensure they have compliant processes / procedures
• Engage with external regulatory and industry bodies and provide input into the commentary and review of legislative requirements where required
• Set regular meetings with the Cluster Privacy Representatives to review issues / concerns and provide updates on privacy developments
• Create standardised training materials for use by the Clusters within their business units.

Job Responsibilities (continued)

• Provide advice and guidance on complex and / or cross Cluster privacy issues
• Overall management of the Privacy Incident management process and co-ordination with clusters to ensure privacy incidents are actioned and mitigated inlcuding regulatory notification and engagements
• Review and update of Privacy tools including the development of mechanisms and other privacy enablers
• PAIA administration(drafting of responses, management of deadlines etc), including co-ordinating with clusters to obtain information to respond to the PAIA request, collaboration with stakeholders to consider and assessing the PAIA applications and the impact thereof. 
• Provide guidance, advice and expertise on the protection of personal information and best practices to stakeholders. 
• Contribute to a culture of transformation by participating in Nedbank culture building initiatives, business strategy, and CSI. 
• Build and manage relationships with key stakeholders and cluster privacy representatives by influencing and providing expertise and advice into the development and implementation of Privacy strategies, programmes and deliverables, across Nedbank and its subsidiaries.
• Build and maintain collaborative relationships with internal stakeholders through engagements and sharing of expertise to ensure understanding of, and alignment to regulatory requirements as set by relevant legislation.
• Conduct research, document and share knowledge through identification of relevant learning opportunities on Privacy to increase knowledge across Nedbank Group.

Job Outputs

• Privacy governance documents
• Privacy frameworks and supporting tools
• Providing training to Nedbank staff
• Providing ongoing SME guidance to Clusters
• Developing relationships with the Cluster Privacy Representatives and managing the business as usual forums
• Drafting position papers and providing thought leadership on Privacy
• Providing reports to relevant committees

Preferred Qualification

• Degree in Law, specialising in Intellectual Property, Information Technology and Data Privacy
• Information System Examination Board (ISEB) and/or Certified Information Privacy Professional (CIPP)

Essential Certifications

• Compliance Institute of South Africa preferred

Preferred Certifications

• Admitted Attorney or Member of the Compliance Institute of South Africa

Type of Exposure

• Developing ways to minimise risks
• Drafting reports
• Managing conflict situations
• Influencing stakeholders to obtain buy-in for concepts and ideas
• Sharing information in different ways to increase stakeholders understanding
• Challenging the status quo with a view to improving the environment or peoples understanding
• Communicating standards to others
• Comparing two or more sets of information
• Conducting a needs analysis
• Writing business proposals  
• Managing legal risks
• Interacting with regulatory and industry bodies 
• Managing a team of managers
• Coaching and mentoring others
• Building a community of leaders
• Identifying/select talent
• Developing a functional/divisional strategy 
• Developing a divisional strategy plan
• Managing complex boardroom dynamics and exhibiting a strong boardroom presence
• Analysing data flow processes that requires an in depth evaluation of privacy risks 
• Interpreting regulatory requirements
• Analysing customer requests for personal information  
• Working with a group to identify alternative solutions to a problem
• Interacting with diverse people
• Building and maintaining effective relationships with internal and external stakeholders
• Interacting with various levels of management 
• Managing multiple projects
• Communicating complex information orally
• Communicating complex written information
• Identifying trends 
• Checking accuracy of reports and records
• Conducting gap analysis
• Coordinating and securing buy-in from internal stakeholders
• Preparing and delivering presentations
• Providing professional advice/opinion
• Using different approaches in new work situations
• Representing the company in Industry related forums
• Displaying high level of professionalism, ethics, integrity and confidentiality
• Implementing actions to improve the organisational culture
• Assuming a key leadership role
• Coaching and mentoring others
• Providing constructive feedback to employees
• Conducting performance appraisal interviews
• Communicating job requirements and performance standards to others
• Checking performance data to measure employee performance

Minimum Experience Level

• 3-5 years’ experience in intellectual property and/or information technology and/or data protection 

Technical / Professional Knowledge

• Relevant Governance controls and regulatory knowledge
• Corporate Governance & Compliance
• Compliance reporting
• Archiving Documentation
• Policy & Procedural Knowledge

Behavioural Competencies

• 360° Decision Making
• Influencing
• Building Trusting Relationships
• Managing Work
• Quality Orientation
• Stress Tolerance