Job Description

Company based in Bree Street, Cape Town

Industry - Telecommunications

Permanent

Please forward your updated CV to Michelle - kindo.m@abcworldwide.com

Data Privacy Analyst

Implementing and integrating data governance & privacy practices, in line with regulatory requirements, across the Group to enhance privacy maturity, and ensure compliance with privacy laws and regulations when processing personal information.

KEY RESPONSIBILITIES

Responsibility

Core activities

Framework

IT Privacy Assessments

• Conduct and maintain privacy processes including data protection impact assessments (DPIA) and Data Processing Assessments (DPA)
• Support the ongoing effort to update record of processing assessments (ROPA) for IT applications
• Maintain records of processing activities (ROPA) and safeguards such as privacy by design, to ensure compliance to regulatory requirements

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

IT Privacy Policies and Procedures

• Help mature policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles, and responsibilities) consistent with risk strategy, to protect personal and sensitive data
• Understand the current state of privacy maturity within and maintain measurement of the impact of the Privacy Program on maturity

NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII

Personal Data Governance

• Implement and integrate data privacy and governance practices across to address regulatory compliance and protect sensitive information
• Facilitate the management and governance of personal data to protect individuals' privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention)

NIST, ISO

Third Party Privacy Assessment

• Assess privacy posture of new vendors and detail associated privacy risks
• Support business on details Data Processing Agreements
• GAP analysis of technical and organizational measures (TOMS)
• Audit clause reviews
• Sub processor risk analysis

SOCI, SOCII, SOx

Policy & Procedure Management

• Assist in the review and maintenance of the repository of IT policies and procedures. Ensure IT policies and procedures are updated as and when required, while ensuring privacy impacts are considered.

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

To conduct and facilitate reviews of IT privacy controls based on standard methodologies and an understanding of technical infrastructure, IT & privacy risk and cyber security

• Facilitate reviews of IT risk compliance work programs with technical teams
• Carry out reviews to a professional standard
• Issue agreed review finding reports
• Facilitate the remediation process for gaps / weaknesses identified
• Identify areas of improvement
• Evaluate the design and the effectiveness of current security controls from an IT Risk & Compliance perspective

NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII

Cross competency collaboration

• Work with Legal Compliance on privacy matters relating to personal data processing
• Collaborate with key business functions on IT privacy matters (Security, Legal, Procurement, HR, IT)
• Assist with evidence provision and query response turnaround

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

Assist with the ongoing monitoring of the IT Compliance Programs

• Ongoing Monitoring of compliance to IT control & security requirements for designated systems
• Assist with the remediation process for gaps / weaknesses identified

CobIT, SOx 404, ISO27001, ISO27018, ISO27017, ISO27005, ISO31000, NIST

Assist with the review and monitoring of the IT privacy risk assessments & reviews

• Assist with IT privacy risk assessments and reviews people systems
• Assist with monitoring & risk remediation programs with technical teams

IAPP, ISO27001, ISO27017, ISO27701, Region Specific Regulatory Requirements, GDPR, CCPA, POPIA, LGPD Brazil, SCCs

KPI's

Complexity

• Number of DPIAs conducted
• % of ROPA's completed
• Number of Vendor assessments and SCCs completed

Moderate

Key Business contacts (internal):

Key Business Contacts (external):

Group IT Technology, Trust and Resilience Privacy Manager Robert Furlong

Group IT Technology, Trust and Resilience Director Paul Hamill

N/A

Experience

• 3- 4 years
• IT Privacy Assessment: GDPR qualification is preferred, but rather the ability to pick up new Privacy qualifications is important
• IT P&P Assessment: NIST is preferred
• Education: High school would be sufficient; CIPP is preferred but current study towards CIPP would also be acceptable.

AKA Brip Careers Worldwide