Manager - Data and Privacy Compliance.Group Risk and Compliance

MTNs purpose is to enable the benefits of a modern connected life to everyone. The MTN Group Strategy is anchored in building the largest and most valuable platform business with a clear focus on Africa. This rests on a scale connectivity and infrastructure business – mobile and fixed access networks in the consumer, enterprise and wholesale segments. The Data and Privacy compliance sub-function must therefore ensure successful delivery in the context of : Diversifying telco-to-techco landscape Evolving industry ecosystems Ensuring ethical practices on how data is managed throughout the lifecycle of relevance and use Shifting fraud landscapes which ethical interventions Organisation’s compliance with data protection laws and contractual obligations, by embedding privacy requirements into all Agreements with third parties and partners Omnipresent cybersecurity threats and attacks Evolution of data management approaches to include multiple lines of defence to prevent data leakage and misuse Multi geographic landscape and cultural context Constant dynamic risk challenges Management of demanding customer and supplier expectations Enhancing MTN reputational position as a leading secure, reliable and safe network and system provider at OpCo level Organisational Mission : MTN’s vision is to lead digital transformation in Africa, ensuring widespread access to reliable, high-quality broadband services that drive social and economic development. Organization Values : At MTN we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work, every day. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood, and empoweredto live an inspired life. Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA. As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us. This is what we want you to experience with us Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers, and stakeholders with a vision to realise our shared goals. Our values dubbed, LIVE Y’ello, are the cornerstone of our culture. Lead with Care Can-do with Integrity Collaborate with Agility Serve with Respect Act with Inclusion The Manager : Data and Privacy Compliance role will support the Group Privacy Office to achieve the following objectives : Privacy Strategy and Governance Enablement Contribute to the evolution of MTN’s Data Privacy Strategy, ensuring alignment with global trends and internal maturity models. Support the enhancement of governance structures and frameworks to support strategic privacy objectives. Collaborate with OpCos to ensure regulatory directives are understood, accepted, and implemented. Support Group privacy forums and cross-functional engagements where data and privacy inputs are required. Strategic Contractual Compliance Lead the integration of privacy requirements into all third-party and partner agreements, ensuring alignment with global data protection laws (., GDPR, POPIA) and MTN Group standards. Oversee the development and maintenance of contractual templates (., DPAs, cross-border clauses) and ensure consistent application across Group and OpCos. Ensure commercial clauses governing privacy and data protection are consistently applied across Group and OpCos. Enforce compliance with exceptional sourcing processes in business areas not centrally managed by Procurement and ensure sourcing notifications from the contracting tool are addressed. Drive third-party risk assessments and audits to monitor compliance and mitigate exposure. Champion privacy compliance in high-risk supply chain activities and non-centralised sourcing environments. Ensure that privacy processes are effectively implemented in procurement and business areas conducting independent sourcing. Review and recommend improvements to sourcing, third-party processes, and operational practices. Policy Leadership and Regulatory Translation Translate complex regulatory requirements into actionable internal artefacts—policies, standards, guidelines, and frameworks. Maintain a dynamic policy environment that reflects evolving legal and operational realities. Ensure data and privacy policies are embedded across business units and aligned with MTN’s strategic objectives. Technology Enablement and Privacy by Design Partner with IT and InfoSec to embed privacy controls into systems, applications, and infrastructure. Lead technical DPIAs and ensure compliance with POPIA, GDPR, and other regulations. Implement solutions for data minimisation, retention, and secure destruction. Support automation of DSAR processes and technical investigations of breaches. Risk Management and DPIA Oversight Lead Data Privacy Impact Assessments (DPIAs) for vendor engagements and technology deployments. Identify systemic risks in third-party data processing and implement mitigation strategies. Embed privacy-by-design principles into procurement, technology, and operational processes leveraging similarities in practices across different functions. Analyse regulatory changes and communicate business impact to stakeholders. Coordinate privacy agreement reviews and track delivery timelines. Incident and Consent Management Oversee incident response processes, including root cause analysis, breach communications, and regulator engagement. Manage consent frameworks and privacy notices for customers, employees, and third parties. Ensure supplier processes reflect MTN’s privacy standards and are embedded in operations. Knowledge and Change Enablement Support organisation-wide awareness and training initiatives to build a privacy-conscious culture. Develop and roll out targeted training materials and campaigns across OpCos. Support change management initiatives that embed privacy into business transformation efforts. Stakeholder Engagement Liaise with between Legal, Procurement, Compliance, and business units to embed privacy into operational and contractual frameworks. Support the line manager in representing the Group Privacy Office in engagements with internal stakeholders and external regulators. Support alignment and collaboration across Group and OpCos to ensure consistent privacy governance. Maintain a repository of updates to enhance awareness and understanding of privacy obligations. Continuous Improvement and Reporting Develop and maintain robust reporting tools to monitor privacy compliance, incident trends, and regulatory engagement. Provide executive-level insights into contractual risk exposure and compliance posture. Ensure timely remediation of audit findings and continuous improvement of privacy practices. Track and report on training, compliance metrics, and best practices across OpCos. Monitor global privacy trends and regulatory changes to inform strategy and roadmap. Key Deliverables Implemented and monitored Data Privacy Compliance framework Updated and embedded Data Privacy processes and procedures Training tracker to monitor awareness Internal policies and procedures aligned to industry regulations Role Dependencies Active support from the Group Privacy Office Deep understanding of the MTN business strategy Understanding of the data privacy landscape environments Timely decision making and reporting Alignment of OpCo and Group risk and compliance initiatives MTN policies and procedures (dependence on understanding, complying and applying) Education : Minimum 4-year Bachelor’s Degree (BCom / LLB / Admitted Attorney) Privacy Professional Certificates (such as CIPP, CIPM, CIPT, CDPSE, etc) Fluent in spoken English Experience : Minimum 3 – 5 years of relevant experience, with at least 2 yearsyears in relevant sector / industry / area of specialisation (an understanding of emerging markets is advantageous) Preferably in Telecommunications or Data Privacy practices Experience working in a medium to large organisation Capabilities : Conceptual Thinker, Problem Solver, Improvement Driver Culture and Change Champion, Supporting People Manager, Relationship Manager Results Achiever, Operationally Astute Technical Knowledge : Strong understanding of global privacy laws (GDPR, POPIA). Familiarity with contractual frameworks and vendor risk management. Data privacy Risk and compliance Skills and Competencies : Legal drafting and negotiation skills Risk assessment and audit capabilities Excellent stakeholder communication skills Strong analytical skills Business process improvement Data interpretation Project management Integrity Communication and influence #J-18808-Ljbffr