Privacy, Data Governance & IT Compliance Officer
Listed on 2026-01-16
IT/Tech
Cybersecurity, Information Security
IoT.nxt is a leading IoT technology company enabling real-time visibility, actionable insights and control, powered by AI. Our award-winning platform uses the internet of things, digital twins, and machine learning to help businesses reduce costs, maximize process efficiency and eliminate risk. Our technology enables businesses to run more agile, proactive and competitive operations.
The Role
Purpose:
The Privacy, Data Governance & IT Compliance Officer owns and coordinates IoT.nxt’s privacy (POPIA & GDPR) and data governance programmes, and further assists in the development and maintenance of IT risk management and compliance programmes.
The role translates regulatory and control requirements into practical controls, maintains compliance artefacts (policies, standards, evidence), and coordinates inputs from first-line teams (Security, Dev Ops, Engineering) to support ISO 27001, company group requirements, and customer due diligence.
Your Responsibilities will include:
- Own and continuously improve Privacy (POPIA/GDPR) programme (policies, registers, training coordination, compliance reporting).
- Own and coordinate Data Governance operating model (data ownership/stewardship, definitions, classification, retention coordination).
- Maintain and improve compliance artefacts: policies, standards, procedures, and evidence repositories.
- Orchestrate evidence collection and reporting from first-line teams for ISO 27001 surveillance/recertification, group requirements, and customer due diligence.
- Coordinate and track audit readiness activities, findings, and remediation actions to closure (internal/external).
- Prepare reports for internal stakeholders (CTIO/Legal/COO) and support engagement with auditors/regulators as required.
Educational Background:
- Bachelor’s degree (or equivalent experience) in Information Systems, Risk/Compliance, Data Management, Law, or a related field.
- Relevant certifications are a plus but not required, e.g. IAPP (CIPP/E, CIPM), ISO 27001, CRISC/CISA.
- 3+ years in a privacy, data governance, IT GRC, risk/compliance, or similar role.
- Working knowledge of POPIA and GDPR, with the ability to translate regulatory requirements into practical, implementable controls.
- Knowledge of IT risk management and governance frameworks such as ISO and/or COBIT.
- Analytical and problem-solving skills, with the ability to assess risks and identify appropriate mitigation actions.
- Strong documentation, process design, and evidence management skills, particularly in a compliance or audit context.
- Ability to coordinate across multiple teams, track actions, and follow up on remediation activities to closure.
- Excellent written and verbal communication skills, with the ability to engage effectively with both technical and non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced, resource-constrained environment.
The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.