Data Security and Privacy Manager at The Coca-Cola Company

Key Duties & Responsibilities    

• Continuously staying up to date on data security and privacy laws, trends and issues, including current and emerging technologies, legislation and best practices.
• Advising and educating CCBA stakeholders on the relevance and impact of data privacy laws and recommending and implementing changes to CCBA policy and/or practice where appropriate.
• Following and keeping up to date with data and information security trends in data privacy management, solutions, and optimisation.
• Researching, evaluating, and advising on the adoption of data privacy and information security philosophies, regulations, solutions, and management approaches.
• Serving as the primary point of contact and acting as expert in advisor to the CCBA enterprise for new and existing security and privacy regulations and required controls.
• Analysing current internal data privacy and information security approaches, standards, and enforcement in CCBA.
• Identifying and analysing regulatory, industry and international requirements and standards for data privacy and information security.
• Monitoring and researching industry directives and legislation to identify leading practices for protecting CCBA data assets and for ensuring compliance.
• Creating a best practice strategy for CCBA future data privacy and information security management and adherence.
• Developing a gap analysis between the to be scenario and the current as-is situation and planning the remediation plan to realise the strategy.
• Developing roadmaps, plans and business cases to communicate planned initiatives and to obtain approvals through the Demand Management process.
• Continuously adjusting and updating the strategy, plans and budgets to ensure continuous relevance to evolving legislative, market, and industry requirements.
• Collaborating with the relevant departments in the development and implementation of appropriate information security and privacy policies, processes, and other resources, ensuring all resources meet applicable legislative and regulatory requirements.
• Regularly collaborating with the CISO to report on the company’s privacy posture to business leaders and department stakeholders.
• Leading the development and updates of data privacy and security policies to ensure the protection of corporate data against unauthorized use, access, modification, disclosure, and deliberate or inadvertent destruction.
• Identifying data leak avenues and ensuring implementation of appropriate data leakage controls.
• Implementing appropriate data security controls to protect data at rest, in use and in transit.
• Developing required data security and privacy operating procedures, playbooks, and practices.
• Setting up and maintaining a documentation library for data security and privacy-related procedures, playbooks, and practices.
• Collaborating with relevant stakeholders and project teams to ensure privacy principles are embedded in architecture, infrastructure, and code.
• Leading efforts to obtain data privacy and security certification for CCBA for relevant national and international accreditation bodies.
• Designing reports and generating security, privacy, and compliance metrics that are meaningful and actionable.
• Taking ownership of and acting as the programme manager for the implementation of the data security and privacy solutions and practices across all technical and business solutions.
• Supporting privacy-based implementations for business and regulatory requirements.
• Ensuring CCBA’s proactive compliance with all regulatory-mandated data security and privacy requirements including POPIA and GDPR.
• Verifying proper privacy controls and remediation initiatives are in place, where applicable.
• Raising awareness across CCBA of the importance of data security and data privacy through the creation and delivery of appropriate training and other awareness initiatives to CCBA team members and relevant third parties.
• Performing due diligence and compliance monitoring of relevant third parties to ensure that the CCBA’s data security and data privacy requirements are complied with.
• Planning milestones for deliverables and deployment of system functionality and creating a plan that visualises the timeline.
• Tracking progress against milestone dates and reporting on progress.
• Managing deviations and escalating roadblocks.
• Managing project resources assigned to the project plan.
• Meeting regularly with senior level business stakeholders to identify, agree and understand dynamic changes to their business unit and functional strategies.
• Meeting regularly with the Corporate Information Security Office team members and his/her manager to report progress, raise issues and brainstorm solutions.

Skills, Experience & Education    
Qualifications:

• The minimum qualification required for this position is a first degree in Information Technology, Computer Science, or Information Systems.
• A further degree would be an advantage.

Certifications:  Six (plus ITIL) or more of the following:  

• Certified Information Privacy Manager (CIPM) 
• NIST Cybersecurity Framework (NCSF)
• COBIT5 Implementation
• COBIT5 Assessor
• Certified in Governance, Risk and Compliance (CGRC)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• BCS IT Governance & InfoSec Basis Practitioner
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• Certified Information Security Manager (CISM) 
• Certified Information Systems Auditor (CISA)
• Certified Information Privacy Technologist (CIPT)
• Cisco Certified Network Associate – Security (CCNA)
• Relevant vendor/equipment specific certification

Experience:

• 12 to 14 years general work experience with at least 6 years relevant experience in Information Security or IT Governance.

Closing Date: 19th, June 2022