Job Description

Purpose of the Job: To safeguard the organization's sensitive data and ensure compliance with global privacy regulations by implementing robust data protection strategies, managing DLP and classification tools, and leading breach response efforts. This role is responsible for embedding privacy awareness across the business, conducting privacy impact assessments, and aligning security controls with legal and regulatory requirements. It plays a critical role in reducing data-related risks and maintaining trust with stakeholders, regulators, and customers.
Key Internal Stakeholders

• Legal and Compliance Teams - to ensure alignment with POPIA, GDPR, and other privacy regulations, and to support regulatory reporting and contract reviews.
• Information Security Team - for integrating privacy controls with broader security frameworks, including DLP, IAM, and incident response.
• IT Infrastructure and Operations - to implement and maintain technical controls such as data classification, retention policies, and access management.
• Human Resources (HR) - for coordinating privacy training, awareness campaigns, and handling employee data responsibly.
• Engineering and Development Teams - to embed privacy-by-design principles and support security champion program

Key External Stakeholders

• Regulatory Authorities - such as the Information Regulator (South Africa) and EU Data Protection Authorities,
• Third-party Vendors and Service Providers - to ensure data processing agreements are in place and privacy obligations are met.
• External Auditors - for independent assessments of privacy controls and compliance posture.
• Customers and Data Subjects - whose personal data must be protected and whose rights must be respected under applicable privacy laws.

Key Performance Areas

• DLP tools, data classification policies Implement and manage DLP and data classification programs to identify, categorize, and protect sensitive information across the organization.
• Privacy regulations (POPIA, GDPR, etc.) Ensure compliance with global privacy laws through audits, policy updates, and staff training initiatives.
• Security awareness content and training schedules Design and deliver targeted security awareness programs, focusing on data protection best practices and breach response protocols.
• Engineering team engagement and training metrics Develop and maintain security champion programs to embed privacy awareness within technical teams.
• Breach reports, incident logs, and regulatory timelines Lead incident response for data breaches, including investigation, documentation, regulatory reporting, and remediation.
• System and process risk assessments Conduct Data Privacy Impact Assessments (DPIAs) for high-risk systems and processes to identify and mitigate privacy risks.
• Collaboration with IT and legal teams Align security controls, retention policies, and access management with privacy requirements through cross-functional collaboration.

Purpose of the Job: To safeguard the organization's sensitive data and ensure compliance with global privacy regulations by implementing robust data protection strategies, managing DLP and classification tools, and leading breach response efforts. This role is responsible for embedding privacy awareness across the business, conducting privacy impact assessments, and aligning security controls with legal and regulatory requirements. It plays a critical role in reducing data-related risks and maintaining trust with stakeholders, regulators, and customers.
Key Internal Stakeholders

• Legal and Compliance Teams - to ensure alignment with POPIA, GDPR, and other privacy regulations, and to support regulatory reporting and contract reviews.
• Information Security Team - for integrating privacy controls with broader security frameworks, including DLP, IAM, and incident response.
• IT Infrastructure and Operations - to implement and maintain technical controls such as data classification, retention policies, and access management.
• Human Resources (HR) - for coordinating privacy training, awareness campaigns, and handling employee data responsibly.
• Engineering and Development Teams - to embed privacy-by-design principles and support security champion program

Key External Stakeholders

• Regulatory Authorities - such as the Information Regulator (South Africa) and EU Data Protection Authorities,
• Third-party Vendors and Service Providers - to ensure data processing agreements are in place and privacy obligations are met.
• External Auditors - for independent assessments of privacy controls and compliance posture.
• Customers and Data Subjects - whose personal data must be protected and whose rights must be respected under applicable privacy laws.

Key Performance Areas

• DLP tools, data classification policies Implement and manage DLP and data classification programs to identify, categorize, and protect sensitive information across the organization.
• Privacy regulations (POPIA, GDPR, etc.) Ensure compliance with global privacy laws through audits, policy updates, and staff training initiatives.
• Security awareness content and training schedules Design and deliver targeted security awareness programs, focusing on data protection best practices and breach response protocols.
• Engineering team engagement and training metrics Develop and maintain security champion programs to embed privacy awareness within technical teams.
• Breach reports, incident logs, and regulatory timelines Lead incident response for data breaches, including investigation, documentation, regulatory reporting, and remediation.
• System and process risk assessments Conduct Data Privacy Impact Assessments (DPIAs) for high-risk systems and processes to identify and mitigate privacy risks.
• Collaboration with IT and legal teams Align security controls, retention policies, and access management with privacy requirements through cross-functional collaboration.