Senior Manager - IP Regulatory Compliance Corporate Services at MTN

Responsibilities

Task Complexity:

Develop Information Privacy strategy and governance

• Contribute to IP strategy and alignment of organisational practices
• Optimise and embed effective IP Governance Model and Frameworks
• Analyse global regulatory landscape for Information privacy trends
• Align IP requirements to GDPR and other relevant best practice standards 
• Optimise and enhance IP Engagement structure to implement and drive IP regulatory initiatives and mitigate risks
• Provide input to the updating of an IP Maturity Model
• Quality assurance of all IP outputs
• Work with multiple custodial functions to ensure regulatory directives understood, accepted and implemented
• Engage with the Information Regulator and share all new regulation developments

Manage IP governance and compliance

• Maintain and update IP policy, standards, guidelines
• Ensure regular IP Assessments conducted and consolidate reporting on this
• Maintain MTN IP position statement from PoPI requirements, interpretation and embedment in the organisation (get all relevant input from IP Operational team)
• Stay abreast and enforce current Information Privacy legislation, standards and best practices
• Continuously interpret and translate relevant regulatory requirements and implement into all relevant IP artefacts (policies, standards, guidelines, processes, tools, frameworks, notices, contracts, clauses, etc.)
• Support completion and evaluation of Third Party questionnaires
• Ensure commercial clauses and arrangements that govern privacy and data protection are consistently applied within the organisation
• Review Third Party and Supplier contracts to ensure PoPI clauses and IP requirements included
• Ensure alignment of IP requirements across business units and all additional legal entities
• Work closely / collaborate with custodial functions to ensure IP compliance and embedment 
• Provide input to Glossary from an IP perspective
• Manage Business Compliance with specified business units, manage monthly IP meetings and close out Remedial actions
• Collaborate with relevant custodial functions to ensure IP compliance and embedment 

Manage PI Incident Management

• Maintain and update PI Incident Management policy and all associated artefacts
• Provide input to PI Incident Management processes, tools 
• Manage PI Incidents
• Effectively manage all PI Incidents (Customer, Business, Third Party and Employee) 
• Manage the PoPI mailbox and communicate to all Data Subjects’ questions, queries, concerns and incidents
• Root cause analysis on identified PI Incidents
• PI Incident root cause analysis post mortem reporting
• Provide IP SME advice to manage complex PI Incident / Breach situations
• Draft responses and communication to data subjects in relation to breaches and complaints, objections and queries.
• Distribute all communication to Information Regulator and other required compliance bodies

Manage Consent Management

• Update and Manage all IP notices for (Customer, Employee, Third Party)
• Manage implementation of all IP notices
• Manage Supplier (procurement and third party) update and embedment of processes in the business
• Provide input to Direct Marketing artefacts and embedment in the business
• Conduct Third Party/Supplier evaluations and provide relevant feedback to Business Units
• Ensure adherence to the Supplier (procurement and third party) process in business

Educate the business on Information Privacy

• Educate the business on  regulatory requirements relating to all IP focus areas 
• Manage and oversee the education of business on relevant IP focus areas: IP Consent & Notice; Direct Marketing, PI Incident Management
• Manage the creation of relevant training material and roll out of these
• Become the go-to-person for business on all IP Regulatory matters

Monitor and report on Information Privacy 

• Ensure compliance risk assessments are conducted on a regular business 
• Provide input to IP compliance risks and mitigation plans
• Assist in the monitoring of the effectiveness of the Information Privacy practices (regulatory requirements)
• Report on root cause analysis of incidents
• Evaluation of Data Subject requests to conduct Trend Analysis
• Report to Information Privacy Compliance Council
• Develop reporting tools, optimize and maintain relevant reporting tools to ensure effective reporting on Information Privacy
• Monitor Information Regulator website, communication and all relevant correspondence in order to pro-actively participate in any communication opportunities with the Regulator 
• Reporting on Supplier onboarding 

Supervisory / Leadership / Managerial Complexity: 

• Be an effective role model for leadership behaviours, leading by example with a positive make-it-happen attitude.
• Support decisions publicly once they have been made.
• Build and enforce a customer centric approach. 
• Lead and manage employees to effectively and productively deliver against KPI’s and agreed milestones.
• Build employee relations and collaborative teamwork. 
• Communicate actively and effectively resolving any potential conflicts that may arise.
• Display insight into leadership style and how it impacts on performance positively and negatively.
• Have the self-insight and flexibility to adapt to different situations.
• Manage boundaries that separate units in order to optimise workflow.

Qualifications

Education

• Minimum of 4 year degree/diploma 
• LLB or equivalent commercial legal degree
• Fluent in basic command of English 

Experience:

• Minimum of 4 years’ experience in area of specialisation (Information Privacy)
• Minimum of 6 years experience in supervising/managing others
• Experience in managing others’ deliverables, quality output, deadlines 
• Experience working in a corporate environment
• Worked across diverse cultures 
• Must have commercial legal experience. 
• Telco / similar industry experience is advantageous
• Experience in working within a team and across the organisation (able to multi-task and switch between the two)

Training:

• PoPIA and other related Privacy regulation knowledge
• Information Security knowledge preferable
• Data Privacy Certification
• Compliance / Regulatory training