Data Privacy and Protection Specialist at FirstRand Corporate Centre

Job Description

• To ensure the lawful processing of personal information in accordance with data privacy, protection legislation and regulations that applies to FirstRand, including information management best practices that aim to provide an independent privacy compliance advisory, risk assessment and monitoring service to FirstRand segments and business units.

Role Purpose:

• We are seeking a highly skilled and experienced Data Privacy Technical Subject Matter Expert (SME) to join our Data Privacy and Protection Centre of Excellence (CoE). This role is pivotal in strengthening our data privacy and protection capabilities across the organisation, particularly in high-demand segments such as R&C, RMB, and Broader Africa.

Key Responsibilities:

Privacy Operations & Governance

• Represent the CoE and provide subject matter expertise in privacy for Information Governance, Cyber Security, and Incident Response projects across FirstRand.
• Support the evolution of FirstRand’s privacy program globally in alignment with international data protection frameworks and best practice.
• Draft, review, maintain, and harmonise privacy documentation, including internal procedures, notices, guidance, and training materials.
• Identify and assess potential privacy risks inherent in technical designs and implementations and contribute to implement privacy enhancing features and fixes.
• Maintain and oversee privacy risks, coordinating with stakeholders to ensure implementation of mitigation plans.
• Engage with data owners, architects, and product teams to embed privacy-by-design (PdD) principles generally. Collaborate with relevant teams to ensure PdD in the development and deployment of AI, analytics, and other emerging technologies.
• Contribute to the privacy risk assessments for AI and other innovative use cases for technology, data sharing, and automation tools.
• Support the automation of privacy operations to scale compliance and accelerate the responsible use of personal information across FirstRand. Oversee implementation, ongoing management, reporting, and quality control of privacy management platforms and tools. Collaborate with information security and information technology teams to align privacy technologies with security controls.
• Develop and maintain user guidelines and provide training on privacy platform functionality and best practices, including privacy assessments, records of processing activities (RoPA), third party risk assessments, and incident management.
• Review governance and business requirements and define workflows and processes that support efficient privacy management activities within FirstRand.
• Enhance and support the privacy incident management process, coordination efforts, investigations and root cause assessments.
• Conduct and advise on privacy assurance, monitoring, and audit activities.
• Conduct and advise on data privacy impact assessments, third party risk assessments, and the management of RoPAs.  
• Act as the initial point of intake for data subject access and rights requests received centrally; route requests to appropriate owners, track completion, and maintain oversight of the process to ensure compliance. Support development and automation of Data Subject Rights' workflows.
• Establish and manage essential privacy management information (PMI) dashboards and reporting tools. Track key metrics such as the number of Data Subject Access Requests (DSARs), incident volumes and trends, initiated and completed Data Protection Impact Assessments (DPIAs), vendor reviews, and other relevant data across FirstRand.
• Generate and maintain regular privacy dashboards and team reports, providing quarterly insights on performance, trends, and compliance health. Support regulatory audits and internal reporting with accurate metrics and documentation.
• Coordinate and deliver privacy training and awareness initiatives across the Firm, ensuring global relevance and compliance with local regulations. Assess training needs by engaging stakeholders, reviewing incidents/metrics, and staying current on regulatory requirements and organizational changes.

Required Qualifications:

• Minimum: LLB, B.Com LLB, or Bachelor's in Computer Science, IT, Cybersecurity, Risk Management, Audit, or related field.
• Advantageous: CIPP/E, CIPT, AIGP, or similar.

Experience:

• 4–5 years in Data Privacy Programme Management, Privacy Engineering, Cybersecurity, or related fields.
• Proven experience with data privacy laws, compliance frameworks, and IT risk governance.
• Exposure to privacy issues related to AI, data analytics, or other emerging technologies is a strong advantage.

Advantageous:

• Hands on experience with industry leading privacy management platforms and tools (e.g., OneTrust, TrustArc, Securiti, etc.).
• Governance, Risk and Compliance automation.
• Experience in supporting ISO 27001/277701 alignment efforts.

Core Competencies:

• Ability to deliver practical, pragmatic, and creative privacy solutions.
• Strong analytical and problem-solving skills, with the ability to use metrics to drive improvement.
• Excellent communication and interpersonal abilities, with an ability to explain complex privacy and data protection issues to lay audiences.
• Proficiency in data privacy and protection principles.
• Understanding of AI ethics and data governance frameworks.
• Familiarity with digitisation, legal advisory, and audit practices. Comfortable working with cross-functional teams across legal, compliance, technology, security, and first line operations.

Deadline:10th February,2026