Data Privacy Support Officer

Empowering Africa’s tomorrow, together…one story at a time.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The job holder will primarily be responsible for supporting the DPO in ensuring that the Bank complies with all Data Privacy and Protection requirements in the Legislation, Regulations, the Group Policy and associated standards. This will include below high-level tasks:
1. Gap and risk assessments based on regulatory and internal governance
2. Privacy Impact Assessments (PIA)
3. Breach management
4. Reporting MIs and KIs to Group DPO and other stakeholders
5. Training and awareness
6. Self-development and keeping abreast of latest best practices and understanding
7. Provide advisory services
8. Attend to regulatory requests, meetings and conferences
Additionally, the job holder will also be assisting the CSO Team in the following areas:
1. Managing Data Leakage Prevention (DLP) and release of emails
2. Projects and initiatives
3. Information including Cyber Security governance

Job Description

Data Privacy:

Legal/ Regulatory requirements and Policy Controls

Legislation: Mauritius Data Protection Act

• Participate in ensuring all sections and sub-sections of the local act, are implemented and embedded in the business.
• Work closely with the DPO and Compliance/legal departments to ensure procedures and processes are in place to comply with the guiding principles of the DPA.
• Support the DPO in ensuring the Bank is complying with all requirements as a Data Controller and ensuring timely reporting to the Data Protection Office as per the requirements of the act. Ensure any changes in the legislation are timely embedded across the business.

Group Data Privacy and Protection Policy

• Participate in implementing controls and procedures of the Group Privacy Policy across the Bank, aligning same to the local Data Protection Act.
• Support the Business units and functions by providing consistent and informed subject matter expertise and guidance so that privacy requirements are embedded into the products and services provided to both the customers and employees.
• Ensure any changes in the policy are timely embedded across the business.
• Follow self-development programs, certifications and keep up-to-date with the correct understanding of data privacy principles.

Awareness and Training

• Provide support as required in ensuring all colleagues follow a mandatory education and awareness training programme that will promote and embed a privacy risk and data privacy culture within the business.
• Monitor that 100% of all new joiners have followed the Privacy training within 3 months of their joining date while refresher training is given to all existing staffs at least once yearly.
• As part of the Awareness programme, participate in embedding a privacy culture across the business by delivering a refreshing approach to training and awareness to all colleagues.

Key Risk Assessments and Key Risk Reporting:

• Complete and share governance reporting on time.
• Timely completion of the Risk and Control Inventory (RACI) self-assessment.

Reporting and Incident Management

• Manage the breach management process from end to end, involving all stakeholders.
• Ensure all data privacy related incidents are captured as risk events on the Group’s incident management tool.
• Report breaches to the Data Protection Office after consultation with DPO, Compliance and Legal stakeholders.

Complaints

• Support the DPO in investigating and addressing complaints efficiently, responding to the customer at the earliest.
• Support the DPO in dealing with Data Subject Rights (DSR).

Strategic Projects and Remediation

• Work closely with the Group’s Privacy Office and the Group’s Chief Security Office to drive strategic initiatives/ projects/ remediations across the business.

Information Security Governance

Information Security

• Participate as required in priority tasks and initiatives under the CSO responsibility and the Information Risk Management.
• Support in releasing quarantined emails and other DLP related tasks.
• Understand Records Management, Access Control and Business Continuity; participate in improving these areas to positively impact data privacy.

Impact assessment and monitoring

• Assess PIAs and recommend approval of CSO and DPO.
• Keep the Records of Operations up-to-date and fill-in data protection impact assessments for critical processes.

Third Party Management

• Assist the DPO in assessing contracts.
• Assist in risk categorisation of suppliers and ensuring they are registered as Data Processors.
• Participate in providing privacy notices and awareness to 3rd parties.

Role/Person Specification

Preferred Education:

Degree in Information Technology related field

A Professional Certification in Information/Cyber Security or data privacy/protection will be an advantage

Preferred Experience:

At least 2 years’ work experience in banking.

Knowledge & Skills:

Knowledge of data protection law and international best practices related to data privacy and protection.

Good understanding of Information Security controls.

Good grasp of Technology risks and regulatory guidelines on the use of Cloud services.

Technical Competencies:

A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.

Must be conversant with controls on Cloud infrastructures.

Must be conversant with IT Change Management Process best practices.

Knowledge on business products to enable an effective review of various areas in Operations and Technology and effectively identify risks and controls.

In depth knowledge of information classification and handling requirements.

Exposure to Cybersecurity and information security projects.

Behavioral Competencies:

Must be able to speak and present in front of a large audience.

Team Player and solution driven.

Must be able to engage and manage senior stakeholders of the organization.

Education

Further Education and Training Certificate (FETC): Business, Commerce and Management Studies (Required)