Manager - Information Privacy Compliance

Get AI-powered advice on this job and more exclusive features. Short Description for Internal Candidates: to provide input into divisional POPIA Operational Plans, operational support and continuous monitoring of Information Privacy business compliance to the POPIA Act, across MTN South Africa (SA) and its Legal Entities including but not limited to SuperSonic and MANCO.

• Work closely with Information Privacy Champions and Functional Unit Heads to implement and drive Information Privacy initiatives, ensure reporting and mitigate risks.
• Continuously improve and implement IP practices.
• Implement an effective Data Subject Participation process.
• Ensure integration of information security controls and requirements.
• Implement an effective Incident & Breach Management process.
• Assist with the implementation of Direct Marketing Policy, Guideline and practices across the business.
• Maintain an inventory (PI Inventory) of the location of key personal data storage and information flows with defined classes of personal data.
• Educate the business on Information Privacy (awareness, induction, campaigns, training, communication).
• Manage entire Information Privacy business compliance: consult, support, create report(s) on all Business Compliance Assessments, collaborate with custodial functions, ensure IP compliance and embedment.
• Maintain effective Data Subject Participation process and PI Incident & Breach Management process.
• Assist in management of customer consent preferences (process).
• Maintain a Personal Information inventory of the location of key personal data storage or personal data flows with defined classes of personal data.
• Consult on all projects to ensure Privacy By Design guidelines are adhered to.
• Support enforcement of Information Privacy governance, structures, policies, standards, procedures, guidelines and processes.
• Monitor and create report(s) on Business compliance and IP maturity.
• Reporting to appropriate governance / compliance councils and committees.
• Monitor, report on and mitigate IP engagement initiatives.
• Conduct regular business compliance risk assessments.
• Implement, monitor and measure the effectiveness of the Information Privacy practices.

• Revise and publish customer notice and POPIA Act Manual.
• Monitoring incidents and breaches relating to consent preferences ensuring that a managed process exists relating to direct marketing consent and third parties.
• Conduct Reviews on RDS’s from a contractual, third party and POPI Act compliance perspective.
• Support internal and external stakeholders, e.g., EBU, CBU, Digital and Marketing and meet with third parties to resolve issues.
• Draft letters to data subjects, Information Regulator and DMASA on requests, complaints, incidents and breaches.
• Ensure reduction of Incident and Breach exposure.
• Report on material complaints, DSR, incidents and breaches and ensure containment and remedial exposure mitigated within reasonable time.
• Support business imperatives driven by team via Information Compliance Council.
• Support Information Privacy Champion initiatives where required.
• Enforcement of Information Privacy and associated policies and guidelines, Incident and Breach management standard and guidelines, and Direct Marketing policy and guidelines.
• Enforcement of dashboard and reports on Incident & Breach, and Data Subject Participation solution.
• Ensure POPIA processes are implemented and working on high POPIA impact supply chain activities for procurement and business areas conducting their own sourcing.
• Review and recommend improvements on sourcing and third-party processes and operational matters.
• Reviewing of critical projects / contracts.
• Continue support provided to internal and external stakeholders via POPI mailbox.
• Ensure reporting is done accurately.
• Assist with Breach and incident escalations from business.
• Approval of training material, e.g., DSR, incident and breach, etc.
• Monitor, review and communicate the regulatory posts and ensure updates from the IR website are monitored and communicated.

Ensuring sourcing notifications from CLM are addressed.

• Project Management – develop and drive the execution of agreed projects, drive implementation, tracking, monitoring and compliance of projects, contract management in line with procurement policies, ensure effective implementation of the integrated project management model.
• Business Analysis – perform business analysis, fine tune policies, processes and systems, determine and review requirements for projects, design, analyse and document workflow, identify business improvement and optimisation opportunities, benchmarking.
• Construct business cases for initiations proposed by the business.
• Research and consider best practice, local conditions, trends, as well as competitor activity.

• Be an effective role model for leadership behaviors, leading by example with a positive make-it-happen attitude.
• Support decisions publicly once they have been made.
• Build and enforce a customer centric approach.
• Build employee relations and collaborative teamwork.
• Communicate actively and effectively resolving potential conflicts.
• Display insight into leadership style and its impact on performance positively and negatively.
• Have the self-insight and flexibility to adapt to different situations.
• Manage boundaries that separate units in order to optimize workflow.
• Live the MTN Brand – change and influence employees' behavior.

• Minimum of 3 year degree / diploma.
• Fluent in basic command of English.
• Minimum of 5 years’ experience in area of specialization (Information Privacy); experience in supervising / managing others.
• Experience working in a medium to large organization.
• Telco & IT experience will be advantageous.

Location: Sandton, Gauteng, South Africa

Employment type: Full-time

Job function: Legal

Industry: Telecommunications