Information Security Privacy Manager

• Manage data and privacy policy and practice throughout the organisation in line with the relevant laws.
  


• Manage GDPR accountability principle by the maintenance and development of an appropriate framework.
  


• Develop and maintain appropriate policies and other documentation and record systems.
  


• Maintain an appropriate data dashboard for compliance monitoring.
  


• Conduct internal audits to ensure organisational policy and procedure is adhered to.
  


• Maintains records of processing of personal data, takes the lead in developing data protection and related policy and procedures.
  


• Ensure adequate data mapping and DPIAs are undertaken and recorded as appropriate.
  


• Develop/enhance the information security and personal information management systems.
  


• Review processes and practices against independent standards for PIMS and SIMS.
  


• Draft and advise on relevant policies, data sharing agreements, data and privacy provisions of legal contracts, and associated contracts, and liaise with the legal department in the coordination of advice.
  


• Manage the internal privacy dashboard, including staff accessibility to relevant policies, guidance, forms, and training materials.
  


• Lead the program of work for data champions.
  


• Identify, assess, and evaluate risk and manage the data risk register, and ensure they are communicated appropriately.
  


• Provide advice on information governance, data, and privacy matters.
  


• Ensure all new and ongoing projects are supported with an appropriate level of data and privacy expertise.
  


• Advise the business on relevant case law and other legal and regulatory developments.
  


• Manage the network of data champions to ensure they have the skills and tools to support their activity.
  


• Inform and advise all staff and relevant members on their data and privacy obligations.
  


• Develop and deliver staff awareness programs and training for the business.
  


• Drive workplace culture of transparency and accountability.  
  

Requirements

• Knowledge of Data protection and other data privacy legislation, including (NDPR, GDPR, etc.)
  


• Experience in privacy and security risk assessment and best practice mitigation, including significant hands-on experience in privacy assessments, privacy certifications/seals, and information security standards certification.
  


• Significant experience in IT operations and programming, including attainment of information security standards, certifications, and privacy seal/marks.
  


• Experience in global privacy laws, including drafting of privacy policies, technology provisions, and outsourcing agreements.
  


• Experience in dealing successfully with different business cultures and industries.
  


• Excellent verbal, written, and interpersonal communication skills with the ability to communicate effectively with IT, project and development teams, management, and business stakeholders.
  


• Developing and delivering employee training programs.
  


• Skilled in articulating information security policies, procedures, and guidelines to all levels of management and staff.
  


• Demonstrated leadership skills, achieving stated objectives involving a diverse set of stakeholders and managing varied projects.
  


• Have excellent negotiation skills to interface with NDPR on behalf of the company represented.
  


• Demonstrated client relationship skills to continuously coordinate with controllers.
  


• Communication skills to speak with a wide-ranging audience, from the board of directors to data subjects, from managers to IT staff, and lawyers.
  


• Ability to speak in the language of the average Nigerian citizen, not in technical or legal jargon, to handle requests and complaints from data subjects.  
  

• Bachelor’s Degree in Information Security, Information Technology or a similar major.
  


• 10 years strong project management and reporting experience with a minimum of 2 years’ experience in privacy regulatory compliance (e.g., CCPA, CPRA, GDPR, LGPD).
  


• Experience in Privacy Management Platform solution(s) (e.g., OneTrust)