DATA PROTECTION SPECIALIST, CORPORATE RISK & COMPLIANCE – LEVEL 8 – Zimbabwe Revenue Authority (ZIMRA) 164 views

Key Responsibilities

• Implements and operationalises the Authority’s data protection governance framework across all systems, applications, and business processes, ensuring alignment with statutory and policy requirements
• Develops, maintains, and validates Records of Processing Activities (RoPA) across all ZIMRA functions, ensuring completeness and accuracy of processing records.
• Identifies high-risk personal data processing activities and facilitate Data Protection Impact
• Assesses (DPIAs) in collaboration with business, ICT, Legal, and security teams.
• Coordinates handling of data subject rights requests including access, correction, deletion, objection, restriction, and monitor compliance with statutory timelines.
• Conducts periodic data protection compliance reviews across business units and ICT systems and monitor implementation of corrective actions.
• Supports coordination of data breach and incident response activities, including impact assessment preparation of regulatory notification documentation.
• Supports engagement with the Data Protection Authority (POTRAZ) and prepare compliance documentation for inspections, enquiries, and regulatory reviews.
• Assesses data protection maturity of third-party vendors and processors and monitor remediation of identified compliance gaps.
• Reviews new systems, projects, and process changes to ensure privacy-by-design principles are applied and privacy risks are addressed at design stage.
• Identifies and document data protection risks and maintain privacy risk and issue registers to support enterprise risk reporting.
• Supports development and delivery of data protection awareness and training programmes and evaluate effectiveness of initiatives.
• Supports internal and external audits relating to data protection and privacy and track closure of audit findings.
• Conducts any other duties as may be assigned.

Requirements

• Self-starter with the ability to work under pressure and beyond stipulated hours.
• Unquestionable integrity and commitment to duty.
• Good analytical skills.
• Ability to interact with various departments such as Legal Compliance, Audit and internal and external stakeholders in Information Technology.
• Good communication and interpersonal skills.
• Good organisational, people and time management skills.
• Bachelor’s degree in information systems, Computer Science, Risk Management, Data Science, Information Management, Law, Business Studies or a related field is a must
• A Postgraduate degree in Information Technology, Risk Management, Data Analytics, or related fields is an added advantage.
• Certified Data Protection Officer (POTRAZ) certification is a must.
• Certification in ICT Governance, Risk or Security such as CRISC, CISM, CISA, CISSP, COBIT or ISO / IEC 27001 Lead Implementer / Lead Auditor or equivalent is a must.
• At least five (5) years postgraduate experience in data privacy / protection.
• Experience in Customs / Domestic Taxes or Tax environment is an added advantage.

How to Apply