Privacy Manager

1. Position Details
Name of staff member: Privacy Manager
Proposed position and grade: C2
Business Unit: Quality and Risk Management
Managing any People: Yes (1 Privacy Specialist)
Reports to: Chief Information Security Officer

2. Overall Purpose Of The Role
The Privacy Manager is responsible for managing the daily operations of the Privacy Team. The Privacy Manager will be responsible for the management of privacy aspects of client and supplier agreements and requests for proposals, conducting privacy impact assessments, managing privacy breach investigations, privacy policy and procedure reviews, and other privacy-related tasks. The Privacy Manager will also be responsible for providing guidance on privacy-related matters to firms located in the rest of Southern Africa namely Botswana, Mauritius, Mozambique, Namibia, Zambia, and Zimbabwe.

3. Position Specifications
Educational (minimum level necessary to perform the job):
Professional / Tertiary

• Professional
• LLB Degree
• Professional Privacy certification (preferred)

• 5 years' experience as a legal professional
• 2 years' management experience
• 3 years' privacy-related experience

5. Core Competencies (Attributes)

• Attention to detail and ability to adapt to changing environments
• Ability to analyze and interpret information
• Able to work independently and as part of a team
• Ability to organize, manage and prioritize multiple tasks and work under pressure
• Ability to lead, manage and prioritize workload of team members
• Ability to cope with high-stress environments

6. List of Key Performance Areas & Key Performance Indicators
Main responsibilities:

• Develop, implement, and manage policy, processes, and procedures
• Develop, implement, manage, and continuously improve privacy policies, processes, procedures, and protocols.
• Ensure communication of policy, processes, procedures, and protocols updates to staff.

Privacy Breach Investigation

• Management of the firm's privacy breach investigation process.
• Ensure that investigations are complete promptly and according to the applicable legal and regulatory requirements.
• Provide status reporting to management.

Review of Privacy related clauses of client, supplier, RFP, NDA, etc.

• Conduct privacy review of client, supplier, NDA, etc. agreements ensuring adequacy for the personal information under the firm's control.
• Review and update privacy-related aspects of agreement templates.
• Ensure stakeholder communication.

Conducting Privacy Impact Assessments

• Conduct Privacy Impact Assessments on new technology and business processes.
• Ensure that all Privacy Impact Assessment registers are maintained and accurate.
• Ensure stakeholder communication.

Stakeholder Management

• Ensure appropriate escalation to the Africa CISO of priority issues.
• Ensure appropriate communication with internal and external stakeholders.

Privacy Awareness

• Development and distribution of privacy awareness material.

Privacy Subject Matter Guidance

• Provide expert Privacy guidance to business units.

Management Compliance Activities

• Continuously monitor Privacy-related notifications from applicable regulators to develop implementation actions to ensure compliance.
• Assist with Privacy Audit activities and development and implementation of remediation activities.