Job Vacancies at Mukuru

An exciting opportunity has become available for a Data Protection Officer to join the Mukuru team.

The purpose of the position (DPO) is to encourage and ensure compliance with regulations governing data privacy and the protection of and access to information. The DPO will develop, maintain, and monitor the Group data protection, privacy and access to information strategy, framework, policies and standards (programme) for effective implementation. The DPO will serve as the primary point of contact for Regulators and data subjects concerning data protection, privacy, and access to information within Mukuru.

The DPO should have oversight on implementing the Group data protection, privacy and access to information programme and report on an ongoing basis to senior management forums on its effectiveness. The DPO will work closely with the Heads of Compliance, Risk and Legal, and the Regulatory Compliance Change Programme Manager as part of second-line management. The DPO will support and work closely with first-line management, including the Data Governance Manager, Data Privacy Commercial Legal Advisor, Head of Information Security, Head of IT Strategy and Architecture, and Chief Information Officer

Duties and Responsibilities include (but is not limited to):
Develop, maintain, and monitor the Group data protection, privacy and access to information strategy, framework, policies and standards for effective implementation throughout Mukuru.
Have oversight on the implementation of the Group data protection, privacy and access to information framework and report on an ongoing basis to senior management forums on its effectiveness
Work closely with the Heads of Compliance, Legal and Risk, General Counsel, Regulatory Compliance Change Programme Manager, Product Owners, and other Compliance Management Members
Guide on the implementation of data privacy, protection, and access to information governance frameworks under the Group’s regulatory obligations
Guide and oversee impact assessments and internal data privacy and protection audits.
Work closely with the Procurement, Data Governance Manager, Data Privacy Commercial Legal Advisor, Head of Information Security, Head of IT Strategy and Architecture, and Chief Information Officer to effectively implement adequate controls.
Attend various regulatory compliance governance forums focussing on the development, implementation and/or remediation of data protection and privacy controls across the Group
Raise compliance risks and areas of non-compliance, together with proposed recommendations to address such risks and remediation of non-compliance
Provide subject matter expertise and fit-for-purpose recommendations relating to Mukuru’s data protection, privacy, and access to information requirements
Assist with clarifying regulatory requirements on projects and BAU to ensure that requirements are understood, clearly documented, and implemented
Assess and provide regulatory guidance to existing and potential new products and services within Mukuru, as well as expansion into new geographies
Work with the technical teams to translate complex regulatory requirements into fit[1]for-purpose technical requirements, with emphasis on the effectiveness and sustainability of proposed solutions Ÿ Provide advice and recommendations relating to data protection impact assessments performed by Information Security
Assess 3rd parties’ data protection and privacy frameworks, policies, standards, processes etc. as part as partner and vendor due diligence
Develop and monitor the implementation of policies, standards, procedures, and other documents applicable to business and in compliance with the applicable privacy, protection and access to information laws and regulations
Develop templates for data collection, advising on and assisting with data mapping and records of data processing, and vendor management reviews
Understand the business of Mukuru to draft fit-for-purpose written guidance to employees on the appropriate implementation of data protection and privacy rules, laws and standards through policies, procedures, and other required artefacts
Perform testing on the effectiveness of the controls implemented by the first line of defence (business).
Monitor compliance and data practices internally to ensure that the business and its functions comply with the applicable privacy, protection and access to information laws and regulations
Document and maintain risk and breach registers, tracking the implementation of remediation against appropriate business owners
With the support of the Head of Information Security and Data Governance Manager, develop and maintain a personal data security incident management plan to ensure timely remediation of incidents impacting personal data, including impact assessments, breach response, complaints, claims or notifications.
Be actively involved and support the Group during external audits and/or inspections of all data protection, privacy and access to information controls implemented
Register with the applicable Information Regulators and serve as the primary contact for all such Regulators in the jurisdictions where the Group operates
Serve as the primary point of contact where data subjects raise queries, concerns and complaints relating to the processing, handling, or retention of their personal information, as well as access to information requests
Evaluate and approve requests for access to information received regarding the grounds set out in PAIA within the time constraint or any extended period.
Work with the Regulator concerning investigations conducted to prior authorisations or potential contravention of Regulations.
The DPO will be responsible for the development of training content (in consultation with Mukuru Learning and Development) and the facilitation thereof
Attend all required training courses, internally and externally
Obtain/maintain professional membership to ensure that role remains current in terms of trends, legislative and regulatory updates
Attend and, where requested, participate in local and international training and awareness conferences
Monitor all current and future legislative requirements relating to data protection and privacy regulations, legislations, guidelines, and best practice
Identify development areas in your role and work with your Department Heads on your Personal Development Plan

Key Requirements:

• Grade 12 or equivalent
• Law / post graduate leg risk or audit qualification
• Hold at least one data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB, etc. (preferred) or willingness to achieve within a short period of being appointed.
• Excellent working knowledge of data protection, privacy, and access to information laws applicable to Africa, the UK and EU
• Experience in regulatory compliance, focusing on data and privacy governance framework to manage data use in compliance.
• Sound understanding of compliance methodology, working knowledge of all elements comprising.

Beneficial:

• Knowledge of payment, information technology and data management systems
• Knowledge of contracts and commercial agreements
• Able to exercise independent judgment and act on it
• Excellent drafting, investigation, and communication skills
• Excellent presentation skills
• Drafting in a well-structured and logical way – must have the ability to write and review regulatory compliance guidance notes and reports with detailed requirements to inform the business of regulatory requirements and potential impact
• Ability to undertake large, long-term projects, develop alternative methods to complete them and support business in implementing sustainable and fit-for-purpose solutions.
• Logical, practical, and efficient, with keen attention to detail and focus on sustainability
• Highly self-motivated and directed
• Ability to effectively prioritise and execute tasks while under pressure
• Must be able to adapt quickly to change, be agile in approach, but thorough in execution
• Ability to communicate technical and complex regulatory concepts to stakeholders
• Advanced communication and stakeholder management skills
• Hybrid way of work (Various Mukuru Offices, Home)

Additional Skills:

• 5 to 8 years of experience in compliance, legal, audit and/or risk function (regulated industry).
• Must have at least 4 (four) years of recent experience in data protection, privacy and access to information laws and regulations in South Africa (POPIA, PAIA), European data privacy laws (GDRP), UK data protection act, any other data privacy legislation or regulation
• Experience in developing and facilitating compliance training
• Experience working independently as well as in a team-oriented, collaborative environment
• Working in a fast paced and high-pressure environment requiring high energy
• Working within an Agile environment

go to method of application »

An exciting opportunity exists for an Information Security Compliance Specialist to join the Mukuru Team 

The information security specialist supports the information security team in implementing the Mukuru information security programme and privacy programme to improve, maintain and assess security measures across the business.

Reporting directly to the head of information security, this role is to ensure security controls are implemented and managed across Mukuru’s production application stack and infrastructure to improve the overall security posture while maintaining the security integrity of the Mukuru brand.

This role suites a technically inclined individual who enjoys interacting with people and is self-driven with interest in problem solving.

You will function as an analyst to interrogate processes across the company as well as implement security measures, drive compliance, improve security hygiene and resolve issues by responding to IT threats and vulnerabilities. Key duties include managing various security registers across the environment as well dealing with 3rd party due diligence assessments.

You will maintain controls to protect unauthorized access, disclosure, modification, and deletion of Mukuru’s information, resources and networks. You have an eye for detail and are always looking to improve Mukuru’s overall security position. This includes conducting routine security risk analysis, balancing business needs against best practice, monitoring vulnerabilities and record and mitigate risk.

Duties and Responsibilities (Include but is not limited to):

• Maintaining the information security management system
• Supporting the Data Protection Program
• Build and review secure procedures, operational guidelines, policies and standards.
• 3rd Party Risk management
• Maintain security and privacy registers.
• Perform Data Privacy Impact Assessments
• Carry out audits on IT procedures, systems and networks.
• Identify potential areas of risk that need to be addressed.
• Implement SOPs where required.
• Maintain tight access controls across the business.
• Process hardening and upliftment.
• Incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
• Resolve audit findings.
• Compile ad-hoc reports on security focus areas
• Attend all required training and courses.
• Recognised industry certifications such as CISSP, ISSAP, CISM, ISO 27001, OSCP, CEH
• Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behaviour.
• Investigate security breaches, including root cause investigations.
• Maintain current knowledge of cyber security incidents and trends.
• Keep up to date with the latest industry trends, tools and standards.
• Research new technologies and approaches in order to ensure best practice is applied.
• Identify innovative approaches to ensure world-class security measures are in place.
• Gather all IT security statistics.
• Compile accurate monthly reports and submit to Head of Information Security
• Attend KPI meetings and 1on1s.
• Maintain knowledge of legislative and industry security requirements

Key Requirements:

• Grade 12 or equivalent (Essential)
• Tertiary qualification in computer science or related field (Essential)
• 4+ years’ experience in IT systems security (Essential)
• IT operations
• DevOps or DevSecOps
• Banking/fintech background favourable
• Knowledge of IT systems and network security
• Knowledge of Cloud Platform security
• Container security
• Software security
• Vulnerability scanners, Anti-malware, EDR, etc
• Frameworks such as ISO27001, BSIMM,

Additional Skills:

• Multitasking skills
• Computer skills
• Attention to detail.
• Analytical skills
• Report Writing
• Ability to work fully independently.