Data Privacy Governance Officer

About the role

Join Sanlam Fintech and help shape the future of data privacy in one of Africa's most exciting digital transformation stories.

We're not just protecting data, we're enabling financial inclusion at scale. Sanlam Fintech is democratising financial services across Africa through AI-powered, digital-first solutions that reach millions of previously excluded consumers. As our Data Privacy Governance Officer, you'll be at the intersection of innovation and compliance, ensuring we grow responsibly while breaking new ground in partnerships with banks, media companies and beyond.

This isn't a box-ticking compliance role. This is about building privacy into our DNA as we scale across Africa, leverage AI responsibly, and navigate complex multi-partner ecosystems. If you're excited about solving privacy challenges that don't have a playbook yet, keep reading.

What will you do?

Build Privacy into Everything We Do:

• Design and embed privacy-by-design principles into new products, services and partnerships from day one
• Conduct Privacy Impact Assessments (PIAs) to identify and mitigate risks before they become problems
• Draft and review Data Sharing and Usage Agreements (DSUAs) that enable business innovation while staying compliant

Be the Privacy Guardian Across the Ecosystem:

• Ensure privacy governance structures are effective across all SFT business units and partner organizations
• Manage the end-to-end data breach response process - detection, reporting, and remediation
• Investigate and respond to PAIA requests and data privacy complaints
• Manage correspondence with the Information Regulator on behalf of the Cluster Information Officer

Drive Compliance and Assurance:

• Lead compliance assessments (self-assessments and maturity reviews) to ensure we meet regulatory requirements
• Partner with auditors and compliance functions to scope and execute monitoring programs
• Ensure all business units maintain up-to-date processing registers and data maps
• Turn audit findings into actionable improvements

Champion a Privacy-First Culture:

• Deliver engaging training sessions that make data privacy relevant and accessible for everyone
• Run simulated privacy incident exercises to keep teams sharp and prepared
• Launch and manage communications programs (monthly check-ins, quarterly forums, newsletters)
• Onboard and support Data Privacy Champions, Deputy Information Officers, and Information Officers across the cluster

Navigate Complex Regulatory Landscapes:

• Stay ahead of emerging AI governance and data privacy regulations
• Find innovative ways to enable data processing within regulatory constraints
• Support strategic objectives like cross-sell, upsell, and holistic client experiences - compliantly

What will make you successful in this role?

You're a Strategic Problem-Solver: You don't just spot compliance gaps - you find creative solutions that enable the business to achieve its goals while staying within regulatory boundaries. You understand that privacy and innovation aren't opposites; they're partners.

You're an Excellent Communicator: You can translate complex regulatory requirements into plain language that business stakeholders actually understand and act on. You can influence without authority and build genuine partnerships across teams.

You Think Like a Business Partner, Not a Blocker: You understand the business context and strategic objectives. You're there to enable, not prevent - finding the "how" when others see only obstacles.

You're Comfortable with Complexity: You can navigate a distributed operational environment with multiple legal entities, partners, and regulatory jurisdictions. You see the connections others miss and understand how data flows across boundaries.

You're Proactive and Resilient: Data breaches happen. Regulations change. Partners have different maturity levels. You stay calm under pressure, plan ahead, and continuously improve processes based on lessons learned.

You're a Culture Builder: You know that real privacy protection comes from people, not just policies. You're energised by the challenge of embedding privacy consciousness across an entire organisation through training, engagement, and leading by example.

What you'll need

Qualifications:

• Bachelor's degree in Information Technology, Law, MIS, Information Management, or related field
• Certifications such as CIPP (Certified Information Privacy Professional) or CIPM (Certified Information Privacy Manager) would be a significant advantage

Experience:

• 3-5 years in the financial services industry supporting or leading data privacy/regulatory programmes, processes, or practices
• OR experience in a compliance-related role with strong exposure to data privacy
• Experience working across multiple business units or in complex, matrixed environments is highly desirable

Skills & expertise

Essential Knowledge:

• Deep understanding of data privacy regulatory requirements impacting financial services (POPIA, PAIA, LTIA, PPR)
• Knowledge of privacy-by-design principles and Privacy Impact Assessment methodologies
• Understanding of data sharing frameworks and consent management
• Awareness of emerging AI governance and data privacy intersections

Technical Skills:

• Proficient with Microsoft Office suite (Word, Excel, PowerPoint, Teams)
• Analytical thinking - able to assess complex scenarios and identify privacy risks
• Project management - juggling multiple initiatives with competing priorities
• Problem-solving - finding pragmatic solutions to novel privacy challenges

Interpersonal Skills:

• Exceptional communication skills (written and verbal)
• Ability to influence and educate stakeholders at all levels
• Networking and relationship-building across organizational boundaries
• Training and facilitation skills

Personal Attributes

Build a successful career with us

We’re all about building strong, lasting relationships with our employees. We know that you have hopes for your future – your career, your personal development and of achieving great things. We pride ourselves in helping  our employees to realise their worth. Through its five business clusters – Sanlam Fintech, Sanlam Life and Savings, Sanlam Investment Group, Sanlam Allianz, Santam, as well as MiWay and the Group Office – the group provides many opportunities for growth and development.

Core Competencies

Turnaround time

The shortlisting process will only start once the application due date has been reached. The time taken to complete this process will depend on how far you progress and the availability of managers. 

Our commitment to transformation