Data Privacy and Protection Specialist

Data Privacy and Protection Specialist page is loaded

Apply locations Johannesburg time type Full time posted on Posted Yesterday time left to apply End Date: June 28, 2025 (2 days left to apply) job requisition id R35772To ensure the lawful processing of personal information in accordance with data privacy, protection legislation and regulations that applies to FirstRand, including information management best practices that aim to provide an independent privacy compliance advisory, risk assessment and monitoring service to FirstRand segments and business units.

Hello future Data Privacy and Protection Technical SME!

FirstRand believes that its people are its single most important resource and will not operate in a sector unless it has people who are right for that market and who share FirstRand’s business values. We recruit self-starters who have a passion for what they do. We empower them, hold them accountable and reward them appropriately. We value diversity in our people, particularly for the way that this contributes to innovative thinking. If you think you will flourish in our environment, and you believe you have the necessary skills and competencies for the position advertised, then we are looking for you!

Role Purpose:

We are seeking a highly skilled and experienced Data Privacy Technical Subject Matter Expert (SME) to join our Data Privacy and Protection Centre of Excellence (CoE). This role is pivotal in strengthening our data privacy and protection capabilities across the organisation, particularly in high-demand segments such as R&C, RMB, and Broader Africa.

Key Responsibilities:

Privacy Operations & Governance

• Represent the CoE and provide subject matter expertise in privacy for Information Governance, Cyber Security, and Incident Response projects across FirstRand.
• Support the evolution of FirstRand’s privacy program globally in alignment with international data protection frameworks and best practice.
• Draft, review, maintain, and harmonise privacy documentation, including internal procedures, notices, guidance, and training materials.
• Identify and assess potential privacy risks inherent in technical designs and implementations and contribute to implement privacy enhancing features and fixes.
• Maintain and oversee privacy risks, coordinating with stakeholders to ensure implementation of mitigation plans.
• Engage with data owners, architects, and product teams to embed privacy-by-design (PdD) principles generally. Collaborate with relevant teams to ensure PdD in the development and deployment of AI, analytics, and other emerging technologies.
• Contribute to the privacy risk assessments for AI and other innovative use cases for technology, data sharing, and automation tools.
• Support the automation of privacy operations to scale compliance and accelerate the responsible use of personal information across FirstRand. Oversee implementation, ongoing management, reporting, and quality control of privacy management platforms and tools. Collaborate with information security and information technology teams to align privacy technologies with security controls.
• Develop and maintain user guidelines and provide training on privacy platform functionality and best practices, including privacy assessments, records of processing activities (RoPA), third party risk assessments, and incident management.
• Review governance and business requirements and define workflows and processes that support efficient privacy management activities within FirstRand.
• Enhance and support the privacy incident management process, coordination efforts, investigations and root cause assessments.
• Conduct and advise on privacy assurance, monitoring, and audit activities.
• Conduct and advise on data privacy impact assessments, third party risk assessments, and the management of RoPAs.
• Act as the initial point of intake for data subject access and rights requests received centrally; route requests to appropriate owners, track completion, and maintain oversight of the process to ensure compliance. Support development and automation of Data Subject Rights' workflows.
• Establish and manage essential privacy management information (PMI) dashboards and reporting tools. Track key metrics such as the number of Data Subject Access Requests (DSARs), incident volumes and trends, initiated and completed Data Protection Impact Assessments (DPIAs), vendor reviews, and other relevant data across FirstRand.
• Generate and maintain regular privacy dashboards and team reports, providing quarterly insights on performance, trends, and compliance health. Support regulatory audits and internal reporting with accurate metrics and documentation.
• Coordinate and deliver privacy training and awareness initiatives across the Firm, ensuring global relevance and compliance with local regulations. Assess training needs by engaging stakeholders, reviewing incidents/metrics, and staying current on regulatory requirements and organizational changes.

Required Qualifications:

• Minimum: LLB, B.Com LLB, or Bachelor's in Computer Science, IT, Cybersecurity, Risk Management, Audit, or related field.
• Advantageous: CIPP/E, CIPT, AIGP, or similar.

Experience:

• 4–5 years in Data Privacy Programme Management, Privacy Engineering, Cybersecurity, or related fields.
• Proven experience with data privacy laws, compliance frameworks, and IT risk governance.
• Exposure to privacy issues related to AI, data analytics, or other emerging technologies is a strong advantage.

Advantageous:

• Hands on experience with industry leading privacy management platforms and tools (e.g., OneTrust, TrustArc, Securiti, etc.).
• Governance, Risk and Compliance automation.
• Experience in supporting ISO 27001/277701 alignment efforts.

Core Competencies:

• Ability to deliver practical, pragmatic, and creative privacy solutions.
• Strong analytical and problem-solving skills, with the ability to use metrics to drive improvement.
• Excellent communication and interpersonal abilities, with an ability to explain complex privacy and data protection issues to lay audiences.
• Proficiency in data privacy and protection principles.
• Understanding of AI ethics and data governance frameworks.
• Familiarity with digitisation, legal advisory, and audit practices. Comfortable working with cross-functional teams across legal, compliance, technology, security, and first line operations.

You will have access to:

• Challenging work in a complex and exciting environment
• Opportunities to innovate and create efficiencies.
• Exposure to our direct SA operations and indirect Broader Africa, offshore operations.

We can be a match if you are:

• Curious & courageous - you're driven by always wanting to know more and learn more and you're brave enough to
• Obsessed with mastery - you know what it takes to become good at what you do and are constantly pushing yourself to do it.
• Strong administration skills
• Strong organisational and prioritisation skills
• Ability lead through influence and relationship building.

#LI-LM7 #POST #FCC

Are you interested to take the step? We look forward to engaging with you further. Apply now!

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

28/06/25

All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.

locations Johannesburg time type Full time posted on Posted Yesterday time left to apply End Date: July 3, 2025 (7 days left to apply)

Introduce yourself to our recruiters and we will get in touch if there's a role that seems like a good match.

Should you have any queries, please log it via MyQ .

The FirstRand Corporate Centre (FCC) houses many of the critical functions required by a large and complex financial services group. FCC’s stakeholders are both external, such as regulators, shareholders, global developmental institutions and government; and internal, mainly the businesses that service the group’s customers. These critical functions cover risk, compliance, governance, internal audit, treasury, finance and tax amongst many others. They require deep specialist and technical skills and ultimately represent the custodianship of the FirstRand group’s licence to operate.

FCC employees develop a unique perspective of the group because nowhere else can you own or be part of a mandate that operates across the portfolio. This allows for both big picture thinking and operational learning. It is also a great place to drive collaboration and a place to have a significant impact.