Manager - Data Protection and Privacy

MTN Uganda Limited is an equal opportunity employer and is seeking to recruit a competent individual to fill the following position. The successful candidate will provide second-line assurance over data protection and privacy practices by independently overseeing, monitoring, and advising on the effectiveness of controls implemented by first-line functions. The role supports the development of privacy frameworks, identifies and reports emerging risks, engages with regulators, and promotes awareness across the organization. It ensures that data privacy is embedded into business processes and technology environments in alignment with regulatory requirements and MTN Group standards.

Reports to: Senior Manager - Compliance & Ethics

No. of Vacancies: 1

• Provide independent oversight of data protection and privacy practices across the organization.

• Monitor and assess the effectiveness of first-line controls implemented by IT, business units, and data owners.

• Review and challenge privacy risk assessments, data protection impact assessments (DPIAs), and control designs.

• Support the development and periodic review of data privacy policies, standards, and procedures.

• Ensure alignment with MTN Group frameworks and Uganda’s Data Protection and Privacy Act.

• Identify emerging privacy risks and trends related to technology, data usage, and regulatory changes.

• Maintain a privacy risk register and escalate significant risks to senior management and the Board.

• Prepare periodic compliance reports and dashboards for internal stakeholders.

• Conduct thematic reviews and compliance monitoring of data handling practices.

• Validate the adequacy of controls around data access, retention, sharing, and disposal.

• Collaborate with Internal Audit (third line) to ensure coordinated assurance activities.

• Act as a liaison with regulators (e.g., PDPO, NITA-U, UCC) on privacy-related matters.

• Provide advisory support to business units on regulatory interpretations and compliance obligations.

• Coordinate responses to regulatory inspections and inquiries related to data privacy.

• Drive privacy awareness campaigns and targeted training for staff.

• Build capacity within the organization to understand and manage privacy risks effectively.

• Promote a culture of accountability and ethical data use.

• Oversee the management of data breaches and privacy incidents, ensuring timely escalation and resolution.

• Review root cause analyses and remediation plans from the first line.

• Ensure lessons learned are integrated into risk mitigation strategies.

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Data Science or related course. 

• A certificate in Data privacy will be an added advantage.

• 5 years’ experience in a relevant field. 

• At least 1–3 years in data privacy, data governance, compliance, or cybersecurity.

• Familiarity with data protection laws (e.g., Uganda’s Data Protection and Privacy Act).

• Able to assess complex data flows, identify risks, and evaluate control effectiveness. 

• Works effectively across departments and can influence without direct authority. 

• Strong understanding of Uganda’s Data Protection and Privacy Act and MTN Data Privacy Policy and Procedures. 

• Familiarity with IT systems, data architecture and cybersecurity principles. 

• Experience in risk identification, control evaluation and compliance monitoring Excellent written and verbal communication.