Data Protection and Privacy at AECI Limited

Job Description

Purpose of the Job:

• To safeguard the organizatdion’s sensitive data and ensure compliance with global privacy regulations by implementing robust data protection strategies, managing DLP and classification tools, and leading breach response efforts.
• This role is responsible for embedding privacy awareness across the business, conducting privacy impact assessments, and aligning security controls with legal and regulatory requirements.
• It plays a critical role in reducing data-related risks and maintaining trust with stakeholders, regulators, and customers.

Key Internal Stakeholders

• Legal and Compliance Teams – to ensure alignment with POPIA, GDPR, and other privacy regulations, and to support regulatory reporting and contract reviews.
• Information Security Team – for integrating privacy controls with broader security frameworks, including DLP, IAM, and incident response.
• IT Infrastructure and Operations – to implement and maintain technical controls such as data classification, retention policies, and access management.
• Human Resources (HR) – for coordinating privacy training, awareness campaigns, and handling employee data responsibly.
• Engineering and Development Teams – to embed privacy-by-design principles and support security champion program

Key External Stakeholders

• Regulatory Authorities – such as the Information Regulator (South Africa) and EU Data Protection Authorities,
• Third-party Vendors and Service Providers – to ensure data processing agreements are in place and privacy obligations are met.
• External Auditors – for independent assessments of privacy controls and compliance posture.
• Customers and Data Subjects – whose personal data must be protected and whose rights must be respected under applicable privacy laws.

Key Performance Areas

• DLP tools, data classification policies Implement and manage DLP and data classification programs to identify, categorize, and protect sensitive information across the organization.
• Privacy regulations (POPIA, GDPR, etc.) Ensure compliance with global privacy laws through audits, policy updates, and staff training initiatives.
• Security awareness content and training schedules Design and deliver targeted security awareness programs, focusing on data protection best practices and breach response protocols.
• Engineering team engagement and training metrics Develop and maintain security champion programs to embed privacy awareness within technical teams.
• Breach reports, incident logs, and regulatory timelines Lead incident response for data breaches, including investigation, documentation, regulatory reporting, and remediation.
• System and process risk assessments Conduct Data Privacy Impact Assessments (DPIAs) for high-risk systems and processes to identify and mitigate privacy risks.
• Collaboration with IT and legal teams Align security controls, retention policies, and access management with privacy requirements through cross-functional collaboration.

Qualifications & Experience

• Bachelor’s degree in Information Security, Law, Computer Science, Information Systems, or a related field.

Professional certifications in data privacy and protection, such as:

• Certified Information Privacy Professional (CIPP) – preferably CIPP/E or CIPP/US
• Certified Information Privacy Manager (CIPM)
• Certified Data Privacy Solutions Engineer (CDPSE)
• Microsoft certifications aligned to privacy, compliance, and data governance:
• SC-900: Microsoft Security, Compliance, and Identity Fundamentals
• SC-400: Microsoft Information Protection Administrator – focused on Microsoft Purview, DLP, and data classification
• MS-500: Microsoft 365 Security Administration – for broader security and compliance capabilities in Microsoft 365
• Familiarity with Microsoft Purview for data classification, DLP, and compliance management is highly advantageous.
• Additional training in POPIA, GDPR, and other global privacy regulations is essential.
• 5–8 years of experience in data protection, privacy, or information security roles, with a strong focus on regulatory compliance and privacy operations.
• Demonstrated experience implementing and managing Data Loss Prevention (DLP) and data classification technologies.
• Proven track record in conducting Data Privacy Impact Assessments (DPIAs) and managing privacy risks across enterprise systems.
• Experience leading data breach investigations, including regulatory reporting and remediation planning.
• Background in designing and delivering security awareness and training programs, especially around privacy and data handling.
• Familiarity with working across legal, IT, and engineering teams to align privacy controls with business and regulatory requirements.
• Experience with global privacy regulations such as POPIA, GDPR, and CCPA is essential.

Attributes

• Implementation and management of Data Loss Prevention (DLP) and data classification tools
• Conducting Data Privacy Impact Assessments (DPIAs) and privacy risk evaluations
• Designing and delivering security awareness and training programs
• Leading incident response for data breaches, including investigation and regulatory reporting
• Collaborating across legal, IT, and engineering teams to align privacy and security controls
• In-depth understanding of global privacy regulations (e.g., POPIA, GDPR, CCPA)
• Familiarity with data protection frameworks and best practices
• Knowledge of access management, data retention policies, and breach notification requirements
• Awareness of privacy-enhancing technologies and secure data handling practices
• Understanding of organizational data flows, especially in cloud and hybrid environments
• Strong ethics and integrity, especially when handling sensitive personal data
• Detail-oriented with a proactive approach to identifying and mitigating privacy risks
• Excellent communication skills, able to translate complex privacy requirements into practical guidance
• Collaborative mindset, working effectively with cross-functional teams
• Resilient and calm under pressure, particularly during breach investigations or audits

Closing Date

• 2025/07/25