Manager - Data and Privacy Compliance.Group Risk and Compliance

Manager - Data and Privacy Compliance.Group Risk and Compliance The Manager: Data and Privacy Compliance will be responsible for supporting and implementing all aspects of the global data protection compliance strategy. This role includes providing expert advice on data protection and privacy, leveraging data insights to enable informed decisions that uphold data integrity and minimise risks for Group and its operating companies. Context MTNs purpose is to enable the benefits of a modern connected life to everyone. The MTN Group Strategy is anchored in building the largest and most valuable platform business with a clear focus on Africa. This rests on a scale connectivity and infrastructure business – mobile and fixed access networks in the consumer, enterprise and wholesale segments. Core Responsibilities Privacy Strategy and Governance Enablement Contribute to the evolution of MTN’s Data Privacy Strategy, ensuring alignment with global trends and internal maturity models. Support the enhancement of governance structures and frameworks to support strategic privacy objectives. Collaborate with OpCos to ensure regulatory directives are understood, accepted, and implemented. Support Group privacy forums and cross‑functional engagements where data and privacy inputs are required. Strategic Contractual Compliance Lead the integration of privacy requirements into all third‑party and partner agreements, ensuring alignment with global data protection laws (e.g., GDPR, POPIA) and MTN Group standards. Oversee the development and maintenance of contractual templates (e.g., DPAs, cross‑border clauses) and ensure consistent application across Group and OpCos. Ensure commercial clauses governing privacy and data protection are consistently applied across Group and OpCos. Enforce compliance with exceptional sourcing processes in business areas not centrally managed by Procurement and ensure sourcing notifications from the contracting tool are addressed. Drive third‑party risk assessments and audits to monitor compliance and mitigate exposure. Champion privacy compliance in high‑risk supply chain activities and non-centralised sourcing environments. Ensure that privacy processes are effectively implemented in procurement and business areas conducting independent sourcing. Review and recommend improvements to sourcing, third‑party processes, and operational practices. Policy Leadership and Regulatory Translation Translate complex regulatory requirements into actionable internal artefacts—policies, standards, guidelines, and frameworks. Maintain a dynamic policy environment that reflects evolving legal and operational realities. Ensure data and privacy policies are embedded across business units and aligned with MTN’s strategic objectives. Technology Enablement and Privacy by Design Partner with IT and InfoSec to embed privacy controls into systems, applications, and infrastructure. Lead technical DPIAs and ensure compliance with POPIA, GDPR, and other regulations. Implement solutions for data minimisation, retention, and secure destruction. Support automation of DSAR processes and technical investigations of breaches. Risk Management and DPIA Oversight Lead Data Privacy Impact Assessments (DPIAs) for vendor engagements and technology deployments. Identify systemic risks in third‑party data processing and implement mitigation strategies. Embed privacy‑by‑design principles into procurement, technology, and operational processes leveraging similarities in practices across different functions. Analyse regulatory changes and communicate business impact to stakeholders. Coordinate privacy agreement reviews and track delivery timelines. Incident and Consent Management Oversee incident response processes, including root cause analysis, breach communications, and regulator engagement. Manage consent frameworks and privacy notices for customers, employees, and third parties. Ensure supplier processes reflect MTN’s privacy standards and are embedded in operations. Knowledge and Change Enablement Support organisation‑wide awareness and training initiatives to build a privacy‑conscious culture. Develop and roll out targeted training materials and campaigns across OpCos. Support change management initiatives that embed privacy into business transformation efforts. Stakeholder Engagement Liaise with Legal, Procurement, Compliance, and business units to embed privacy into operational and contractual frameworks. Support the line manager in representing the Group Privacy Office in engagements with internal stakeholders and external regulators. Support alignment and collaboration across Group and OpCos to ensure consistent privacy governance. Maintain a repository of updates to enhance awareness and understanding of privacy obligations. Continuous Improvement and Reporting Develop and maintain robust reporting tools to monitor privacy compliance, incident trends, and regulatory engagement. Provide executive‑level insights into contractual risk exposure and compliance posture. Ensure timely remediation of audit findings and continuous improvement of privacy practices. Track and report on training, compliance metrics, and best practices across OpCos. Monitor global privacy trends and regulatory changes to inform strategy and roadmap. Implemented and monitored Data Privacy Compliance framework. Updated and embedded Data Privacy processes and procedures. Training tracker to monitor awareness. Internal policies and procedures aligned to industry regulations. Active support from the Group Privacy Office. Deep understanding of the MTN business strategy. Understanding of the data privacy landscape environments. Timely decision making and reporting. Alignment of OpCo and Group risk and compliance initiatives. MTN policies and procedures (dependence on understanding, complying and applying). Job Requirements Education: Minimum 4‑year Bachelor’s Degree (BCom / LLB / Admitted Attorney) Privacy Professional Certificates (such as CIPP, CIPM, CIPT, CDPSE, etc) Fluent in spoken English Experience: Minimum 3 – 5 years of relevant experience, with at least 2 years in relevant sector /industry /area of specialisation (an understanding of emerging markets is advantageous) Preferably in Telecommunications or Data Privacy practices Experience working in a medium to large organisation Capabilities: Conceptual Thinker, Problem Solver, Improvement Driver Culture and Change Champion, Supporting People Manager, Relationship Manager Results Achiever, Operationally Astute Technical Knowledge: Strong understanding of global privacy laws (GDPR, POPIA). Familiarity with contractual frameworks and vendor risk management. Data privacy Risk and compliance Skills and Competencies: Legal drafting and negotiation skills Risk assessment and audit capabilities Strong analytical skills Business process improvement Data interpretation Project management Integrity Communication and influence Seniority level Mid‑Senior level Employment type Full‑time Job function Business Development, Information Technology, and Consulting Technology, Information and Media and Information Services #J-18808-Ljbffr