Managing Executive: Group Privacy Officer

**Role purpose**:
As the most senior officer responsible for Privacy across all Vodacom Group’s operating companies (“Vodacom”), the incumbent will be responsible for driving, and overseeing the delivery of the Vodafone Group Global Privacy Programme and applicable local privacy laws across the African continent.

The incumbent will:
- build a culture of privacy and accountability from senior leadership, cascading downwards to operational teams.
- maintain healthy relations with regulators, industry associations, and other external stakeholders;
- provide thought leadership on privacy throughout the organization; and
- collaborate with teams of Privacy Officers across Vodacom’s African footprint.

**Your responsibilities will include**:
**Privacy, Governance, Risk & Compliance**:
Providing strategic guidance and regular feedback to the Chief Officer: Legal, Compliance and Risk regarding the design, operation, and effectiveness of Vodacom’s privacy program.
Develop strong partnerships with business leaders across the enterprise to implement privacy risk mitigation strategies
Oversee the roll-out of Vodafone Privacy Management Policy and Control Matrix.
Adaptation of global privacy frameworks to ensure compliance with local legal requirements.
Planning, managing, and monitoring projects to drive the privacy agenda across Vodacom, including annual/quarterly plans and the control environment
Monitoring, improving, and managing quarterly self-assessed control effectiveness KPI and risk reports by local privacy teams and reporting on it to Vodafone Global Privacy Officer and Vodacom Group Privacy Steerco.
Monitoring, improving, and managing Annual Evidence Based Control Effectiveness Testing, including. verification of the evidence provided by each of the local teams and calibration of control scores across Vodacom.
Monitoring, improving and managing the Annual Privacy CEO statements leading to local CEOs signoffs.
Managing Vodacom’s strategic and operational Privacy Risk Register and mitigation plans in collaboration with risk owners.
Reporting and preparing materials for Vodacom oversight bodies such as ExCo; Risk and Compliance committee; and Audit, Risk and Compliance Committee.
Conducting quality assurance of key privacy processes across Vodacom’s footprint.

**Privacy by Design and operational privacy processes**:
Driving and overseeing the Privacy by Design & Assurance work for Vodacom cross-market products, processes, and platforms to ensure that they are designed and delivered to meet both global policy expectations as well as local compliance requirements.
Maintaining a network of Privacy single points of contact across all Vodacom Group departments, products, processes, and platforms.
Maintaining and improving Data Breach Management processes across Vodacom’s footprint.
Maintaining and improving Individual rights processes.

**Privacy Culture**:
Ensuring 1st line of defence assumes accountability for relevant privacy controls through a selection of activities ranging from Annual CEO Statements, regular SLT level engagements and line management consultations.
Delivery of training and awareness content to relevant audiences, including all-workforce mandatory trainings and awareness campaigns, dedicated trainings to high-risk roles, and specialist trainings to Privacy Officers, Privacy Counsels and Privacy Managers across Vodacom’s footprint
Pursue activities to improve the maturity of the privacy profession across Vodacom.

**External engagement and policy-shaping**:
Proactive shaping of policy positions through dialogue with regulators, industry associations, legislators, and other stakeholders.

**Core competencies, knowledge, and experience**:
Results-oriented, proactive, responsible, pragmatic, and ethical person with a passion for privacy and program management
Demonstrable ability to identify and solve complex problems in complex technology and business environment.
Excellent communication, presentation, and people skills.
Comfortable working in a matrix organisation with tolerance for ambiguity.
Persistence and resilience to drive change.

**Must have technical/professional qualifications**:
Post-graduate qualification, with extensive work experience, in auditing, business, finance, law, risk management & compliance and related fields
Significant program management experience in a complex multi-national environment.
Significant experience and demonstrable understanding of compliance and risk management procedures and methodologies.
Extensive experience in either technology or financial services or communications industries.
Good knowledge of privacy and data protection laws and regulations.

**Personality indicators for successful performance of the role**:
Proactivity, agency, ownership of own area of responsibility.
Resilience, persistence - seeing things through and not stopping at “first stop.”
Confidence regarding authority - courage to “stand out and be counted.”
Wi