Group Data Governance Lead

Lesaka Technologies Inc.

Company Overview

Lesaka is a leading South African financial technology company. We deliver financial services to consumers (B2C) and merchants (B2B) in Southern Africa through our proprietary banking and payment technologies. We offer banking, lending and insurance products to consumers and cash management solutions, bill payment technologies, value-added services, business funding and card acquiring solutions to formal and informal retail merchants.

We are seeking a Group Data Governance Lead to serve as a pivotal technology and compliance expert responsible for establishing, implementing, and maintaining the organization’s data governance framework. This role shall ensure that data is accurate, consistent, secure, and used responsibly across Lesaka Group and will work with various divisions to establish data ownership models, drive data quality initiatives, and improve the organization's data maturity.

The Lead will be the primary technical point of contact for data governance matters, translating complex legal and compliance requirements into actionable technical specifications, security controls, and IT standards. Key activities include leading Data Protection Impact Assessments (DPIAs) for high-risk tech projects, implementing technical privacy controls, and collaborating closely with engineering teams, cybersecurity, and legal counsel to proactively mitigate technology-related privacy risks.

Key Responsibilities

  • Data Governance Framework & Strategy: Develop, implement, and continuously mature the Group’s Data Governance Framework & Strategy, ensuring robust policies, standards, and processes that support consistent data management across the full data lifecycle (creation, usage, retention, archiving, and disposal).
  • Compliance: Ensure all data governance practices align with regulatory requirements (e.g., POPIA) and internal governance standards. Translate regulatory requirements into practical data governance controls and processes adopted across the organisation.).
  • Group Policy Standardisation: Define and enforce consistent data governance policies, standards, and guidelines across all operating companies and geographies (where applicable), ensuring alignment with Group strategy.
  • Monitoring and Assurance: Implement a monitoring and assurance programme to assess the effectiveness of data governance controls, data quality, metadata management, and policy compliance. Produce regular governance reporting.
  • Vendor and Third-Party Risk: Oversee data governance requirements in Data Processing Agreements (DPAs), ensuring third-party providers follow Group data governance, data quality, and data protection expectations.
  • Information Officer Support: Serve as the designated Deputy Information Officer (IO) or provide strategic support and guidance to the formally registered Information Officer(s) across all legal entities, fulfilling duties as prescribed by POPIA.
  • Regulatory Engagement: Manage all interactions, notifications, and reporting with the South African Information Regulator (IR), including handling inquiries, breach notifications (Section 22), and prior authorisation applications.
  • Data Subject Rights: Oversee the central process for managing all Data Subject Access Requests (DSARs) and objections (Section 11(3)(c)) under POPIA and other applicable laws.
  • Data Protection Impact Assessments (DPIAs): Establish a process for mandatory Privacy by Design and Default (PbD), including conducting and reviewing high-risk DPIAs/PIAs for all new products, services, systems, and major changes.
  • Agreements (DPAs) and privacy clauses with all third-party Operators to ensure adequate data governance safeguards are in place.
  • Data Breach Management: Oversee data-related incidents involving data quality, and governance breaches. Support privacy and cybersecurity teams where incidents involve personal information.
  • Training Program: Drive awareness, training, and adoption of data governance practices for all employees, leadership, and key stakeholders (IT, HR, Marketing) .
  • Cross-Functional Collaboration: Partner closely with Legal, IT Security, Risk Management, and business unit leaders to ensure data governance requirements are integrated into business processes and technological infrastructure.

Skills & Attributes

  • Regulatory Acumen: Ability to interpret data-related legislation (POPIA) and industry frameworks and convert them into practical data governance controls, standards, and guidelines
  • Leadership & Communication: Excellent written and verbal communication skills, including the ability to influence senior management and explain complex privacy concepts to non-technical stakeholders.
  • Stakeholder Management: Proven ability to build strong, collaborative relationships across diverse Group functions and business units.
  • Risk Management: Strong analytical and problem-solving skills with an ability to assess and manage privacy-related risks in a dynamic commercial environment.

Qualifications

  • Education: A Bachelor's degree in Law, IT, Risk Management, or a related field.
  • Certification: Relevant professional certification such as CIPP/E, CIPM, CIPT, ISO/IEC 27701 or an equivalent local privacy certification is highly desirable.
  • Experience: [5+ years] of progressive experience in Compliance, Legal, IT Security, or Risk Management, with at least [2-3 years] experience in Data Governance.
  • POPIA Expertise: Deep understanding of POPIA’s implications for data governance, including data retention, processing limitations, data accuracy, and security safeguards. Knowledge of international regulations (GDPR, CCPA/CPRA, LGPD) is beneficial.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

See more jobs in Johannesburg, Gauteng, jobs in South Africa