Privacy Information Officer at Hollard Insurance

Job Advert Summary    
Overall: Responsible (strategically and operationally) for Information Privacy and Compliance to POPIA and PAIA across Hollard and Third Parties by directing the development, implementation, co-ordination and oversight of privacy policies and procedures

• Strategic direction, governance, and oversight
• Develop a privacy strategy and governance across Hollard
• Continuously implement the Target Operating Model to maintain a Privacy Way of Work and integrate the privacy function within Hollard
• Inform and monitor Hollard’s privacy risk appetite and changes to it
• Monitor the evolving data privacy regulatory landscape to keep visibility on trends, and best practices to adequately address current polices or standards  
• Apply and interpret information privacy legislation, standards, and best practices
• Develop privacy policies or privacy related policies and ensuring they are reviewed on an annual basis
• Implement, monitor, and measure the effectiveness of the information privacy practices in line with the information privacy policies, standards, frameworks and strategies
• Draft and maintain the PAIA manual and access requests from data subjects in a timely manner
• Keep privacy notices and data protection clauses within agreements up to date or at least reviewed annually
• Manage and report on the status of data privacy risk to internal and, where relevant, external stakeholders, including regulatory bodies
• Keep up to date and maintain privacy Key Risk Indicators and identify and warn Exco and the Audit Committee of emerging risks. Develop how those risks may be managed, by providing actionable intelligence
• Establish, maintain, and drive the Privacy Council where senior stakeholders and the Deputy Information Officers feedback to the Privacy Office on implementation progress and escalate any challenges
• Appoint Deputy Information Officers for each Business Unit and provide direction to ensure privacy principles are applied across the Business Units
• Hold Deputy Information Officers accountable for privacy compliance within their area/s
• Provide guidance to the project managers and monitor progress on data privacy projects/tasks through bi-weekly forums.
• Create a process for monitoring organizational practices to identify new processes or material changes to existing processes to ensure the implementation of Privacy by Design principles
• Responsible point of call to the Information Regulator; Notify the Regulator of any privacy breaches and assist the Regulator to conduct investigations, if required
• Notify data subjects of any privacy breach for remediation purposes
• Address complaints in the PoPIA mailboxes
• Facilitate data subject requests and ensure they are resolved timeously
• Maintaining an effective data privacy incident and breach management program including testing this regularly)
• Collaborate with IT/Information security to ensure the appropriate level of data security is applied as well as implementation of the Cybercrime Act
• Understand IT systems, cyber security, and processes to ensure data is adequately protected
• Select and maintain software used to automate operational processes such as data subject requests, direct marketing database and incident reporting
• Ensure Third-party risk assessments are completed and monitor that data privacy gaps are remediated by third parties
• Promote information privacy awareness throughout the organisation by providing training and written procedures that are made available to all staff. As well as drive awareness organisation wide
• Maintain an inventory (PI Inventory) of the location of key personal data storage or personal data flows with defined classes of personal data
• Consult with stakeholders throughout the organization on data privacy matters
• Participate in investigations, reviews, approvals, incidents, and exceptions to address matters impacting the risk
• Assess and conduct data protection impact assessments on business projects and requests to ensure that information privacy considerations are fulfilled
• Ensure personal information is classified and only kept for as long as Hollard has a purpose to process it
• Draft Reports to Group Exco, the Audit & Compliance Committee and any other relevant forum for reporting and governance oversight purposes
• Stakeholder management

Required Knowledge and Experience    

• Knowledge of PoPIA, PAIA, GDPR and other relevant international data privacy laws -Level: Solid
• Information security and cyber security knowledge -Level: Solid
• Knowledge of Data Privacy Risk Management, Control and Assurance -Level: Advanced
• Knowledge of relevant local and international regulatory environment including data privacy -Level: Solid
• Knowledge of data governance and risk governance frameworks -Level: Solid
• Knowledge of Compliance best practice -Level: Solid
• Strong leadership Skills -Level: Solid
• Intellectual and analytical Skills -Level: Solid
• Good verbal and written communication Skills -Level: Advanced
• Conflict Management skills -Level: Advanced
• Change Management Skills -Level: Solid
• Sound judgment and strategic abilities -Level: Advanced

Required Behavioural Competence

• Analysing and executive business report writing
• Coping with pressures and setbacks
• Strategic, entrepreneurial, and commercial thinking
• Deciding and initiating action
• Formulating strategies, polices, procedures and concepts
• Leading and supervising
• Persuading and influencing
• Presenting and communicating information
• Relating and networking
• Cross functional collaboration

Educational Requirements    

• Degree in Information Technology/ Systems
• (5 - 8) years’ experience in Data Privacy, IT, Compliance, Data Risk Management, Audit or Risk management
• (3) years management experience

Closing Date: 11th, April 2022