Information Risk and Data Privacy Specialist at Stanbic Bank

Job Description

Risk, Regulatory, Prudential & Compliance

• Participate in oversight committees and forums relevant to specialized area of expertise, in order to monitor the implementation of the Information Risk and Data Privacy Frameworks.
• Keep abreast of and analyse relevant legislative and regulatory developments in collaboration with key stakeholders such as Integrated Operational Risk, Compliance and Legal in order to inform the Information Risk and Data Privacy Frameworks, to understand the implications for the organisation and to deliver expert advice in collaboration with key stakeholders such Integrated Operational Risk, Compliance, Group Legal and Local Data Privacy Officers.
• Drive the digitisation culture, data driven approach, monitoring and assurance activities and toolbox enablers to ensure the implementation and embedment of data privacy across the entire organisation
• Escalate all strategic and high-risk issues to the Information Risk and Data Privacy Manager ensure these matters are dealt with timeously and as per the standards set out it in the Risk Management Compliance Framework.
• Provide view of regulatory Data Privacy landscape and provide fit for purpose Data Privacy Governance Documentation Universe for implementation by business areas.
• Recommend and advise on best information Risk and Privacy practices and controls for processes and systems for Client Segments and Client Solutions to effectively monitor and control adherence, conformance and compliance to all policies and standards as per the Governance Documentation Universe in order to ensure compliance with statutory and regulatory laws.
• Provide specialized advice to senior stakeholders across Client Segments, Client Solutions and Corporate Functions in collaboration with key stakeholders such as Integrated Operational Risk, Information Technology, Compliance and Legal on the required minimum standards, strategies, projects, plans, initiatives, reporting and other relevant activities to ensure compliance with all standards and legislative requirements.
• Maintain an Information Risk and Data Privacy reporting mechanism that's integrated into Information Risk reporting that will ensure efficient, high quality and consistent reporting is delivered as required to the relevant committees, forums and regulators.
• Leverage specialist knowledge to enable the enhancement, maintenance, and implementation of the relevant part of the IR Governance Documentation Universe in order to significantly contribute to the assurance that business is undertaken in a compliant manner to avoid operational losses, fines, penalties or reputational damage.
• Implement, maintain and participate in effective governance structures in order to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
• Assist in the implementation of the Risk Management Data Privacy Compliance Framework in collaboration with key stakeholders, pertaining to all products and services, across the bank to ensure that business is undertaken in a compliant manner to avoid operational losses, fines, penalties or reputational damage and enables the competitive advantage of the Bank.

Strategy

• Maintain the Risk Management Data Privacy Compliance Framework - covering strategy, policy, process, procedures, standards, guidelines, training, objectives, metrics and governance - to ensure consistency of implementation and the alignment to the changing regulatory and legislative requirements across all relevant countries and jurisdictions and international best practices and standards. Where these are available from the Group, support with cascading the same.
• Generate strategies and alternative solutions to address changing regulatory requirements to inform the Risk Management Data Privacy Compliance Framework.
• Ensuring alignment to Information Risk strategy taking into consideration the management of Data Privacy Risk as a sub risk type of Information Risk.

Client

• Provide specialist advice and guidance to stakeholders and clients (Trusted Adviser) as it pertains to Data Privacy. Where necessary provide training to targeted business areas or internally. Engage in the appropriate forums and workshops to convey relevant matters to wider audiences when required. Design and dispense training and awareness initiatives pertaining to the Data Privacy Framework.

Data

• Contribute in recommending privacy requirements and controls to the governance & strategy of the Enterprise Data Office and Committee in adherence to the approved data standards.
• Provide guidance on the privacy controls on the collection, capturing and maintenance of data as it relates to personal information and will effectively guide critical business decisions as it pertains to Data Privacy.
• Deliver holistically, the regulatory and internal reporting requirements so far as it relates to personal information.

Technology & Architecture

• Recommend privacy controls for the Technology Risk Management Plan in the context of the Data Privacy requirements. Contribute in recommending privacy controls to ensure privacy by design and privacy by default is considered in the design and implement phases of the relevant technological enhancements.

Financial Management

• Identify opportunities to reduce costs.

People

• Build, develop and maintain relationships with the key internal and external stakeholders relevant to the Data Privacy area of specialization.
• Leverage strong personal power across all stakeholders across all business units. Influencing stakeholders to adopt, embed and comply with the Data Privacy Framework is an essential outcome.

Product

• Provide specialist advice, guidance, and enhancement of controls to products, services, processes that relate to Data Privacy as the focus areas of the function. Ensure that Data Privacy Risk Management requirements are met.

Qualifications

Minimum Qualifications

• First Degree in Information Technology; Legal; Computer Science or Business-related Degree - Mandatory
• Certification in CISSP; CISA; CRISC; CDPSE or any privacy related or technology certification - Mandatory

Experience Required

• 3 - 5 years - The role requires an expert in Risk Management with profound knowledge of the full dimensions of the field, but deep expertise in the relevant area of specialization – Information Risk & Data Privacy. Regulatory environment savvy, a proven track record in influencing leaders and employees across multiple countries, Client Segments and Client Solutions to effectively implement Information Risk and Data Privacy Compliance Frameworks. Be able to quote the acts applicable to Data Privacy.