Group Executive Data Privacy

Job Description

Hello Future Group Executive Data Privacy

Welcome to FirstRand, the home of the #changeables. We design shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.

Role summary:

The Chief Data Privacy Officer (CDPO) is accountable for establishing, embedding and governing a trusted, compliant and future‑ready data privacy capability across the FirstRand Group.

Operating at Group level and reporting to the Chief Digital Officer, the role provides executive leadership, strategic direction and assurance over how personal, customer, employee and third‑party data is collected, processed, shared, stored and monetised across a complex, federated banking ecosystem.

The CDPO enables FirstRand’s platform and data strategy by ensuring that privacy‑by‑design, ethical data use and regulatory compliance are embedded into digital platforms, shared services and franchise‑specific solutions—while maintaining agility, reuse and innovation at scale.

This role is a custodian of trust, balancing regulatory rigor with commercial enablement, and positioning FirstRand as a privacy‑led digital banking group in Africa and globally

You will be responsible for:

Group Data Privacy Strategy & Leadership

• Define and own the Group Data Privacy and Protection Strategy, aligned to the Group Digital, Data and Platform strategies.
• Act as the single point of executive accountability for data privacy across the Group.
• Provide strategic input into platform, cloud, AI and data‑sharing initiatives to ensure privacy‑by‑design.
• Serve as a trusted advisor to Stratco, Exco and franchise leadership on data risk, privacy and ethical data use.

Data Privacy capability

• Establish an efficient risk-based framework that addresses privacy risk, including the proactive identification, escalation, and mitigation of privacy risk.  _
• Own and maintain relevance of the data privacy capability and platform inclusive of paper-based records.
• Ensure consistent application of data privacy obligations across franchises and shared platforms.
• Ensure appropriate practices for data privacy at 3rd parties including inventory of PI/ SPI data shared, effective contracting and incident management.
• Oversee data incident response, breach management and regulatory engagement.
• Effectively manage data privacy risk exposure and mitigation strategies at Group level.
• Enable Group strategies with appropriately balanced regulatory rigour with commercial enablement.
• Ensure the Group risk and compliance profile is effectively operating within approved risk appetite level.
• Establish procedures that align to privacy laws, regulations, applicable _industry codes of conduct, and FirstRand data privacy policies and minimum standards. 

Platform & Data Enablement

• Partner with the Chief Digital Officer and data leadership to embed privacy controls into platforms, shared services and common architectures.
• Enable secure data sharing and reuse across franchises while maintaining clear guardrails.
• Influence technology and architectural decisions to reduce data risk and complexity.
• Support responsible use of advanced analytics, AI and automation from a privacy and ethics perspective.
• Ensure privacy-by-design controls are considerate of customer journeys and customer experience.

Culture, Capability & Change

• Build and mature Group‑level data privacy capability, including centres of excellence where appropriate.
• Drive behavioural change by embedding privacy into ways of working, product design and delivery models.
• Create awareness and accountability across the organisation for data stewardship and ethical use.
• Develop talent and succession within the data privacy and protection domain.

External Influence & Thought Leadership

• Represent FirstRand in industry forums, regulatory engagements and peer networks.
• Track global privacy, data protection and digital trust trends to inform Group strategy.
• Position FirstRand as a leader in trusted digital banking and responsible data use.

What you will need:

• Relevant Bachelor’s degree (Law, Information Systems, Risk Management, Computer Science or similar)
• Preferred Postgraduate qualification (LLM, MCom, MBA or equivalent)

• Formal certification in data privacy or information security (e.g. CIPP, CIPM, ISO‑related certifications)
• 12+ years in senior roles spanning data governance, privacy, risk, compliance, digital or technology environments
• Significant experience in financial services or highly regulated industries

Knowledge and Skills

• Deep understanding of POPIA and global data protection principles
• Proven experience operating in large, federated organisations
• Strong grasp of digital platforms, cloud, data architectures and analytics ecosystems
• Ability to influence without direct authority across franchises
• Executive‑level stakeholder management and regulatory engagement
• Strategic thinker with the ability to translate regulation into enablement
• Deep understanding and experience in data engineering, information architecture or similar

We can be a match if you can:

• Strategic Thinking and Systems Orientation
• Executive Influence and Decision Making
• Risk‑based Judgement
• Collaboration across Complex Ecosystems
• Ethical Leadership and Trust Building
• Change Leadership

You will have access to:

• Opportunities to network and collaborate.
• Challenging Work.
• Opportunities to innovate.

#Post

#FNB

#LI-NN2

Are you interested to take the step? We look forward to engaging with you further. Apply now!

 

Important Closing Date Note

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

23/03/26