DATA PROTECTION SPECIALIST, CORPORATE RISK & COMPLIANCE – LEVEL 8 (1 POST)
Ict & Computer Jobs
Job Description
DATA PROTECTION SPECIALIST, CORPORATE RISK & COMPLIANCE – LEVEL
8 (1 POST)
Duties and Responsibilities
2.1 Key Responsibilities
▪ Implements and operationalises the Authority’s data protection governance
framework across all systems, applications, and business processes, ensuring
alignment with statutory and policy requirements
▪ Develops, maintains, and validates Records of Processing Activities (RoPA) across all
ZIMRA functions, ensuring completeness and accuracy of processing records.
▪ Identifies high-risk personal data processing activities and facilitate Data Protection
Impact
▪ Assesses (DPIAs) in collaboration with business, ICT, Legal, and security teams.
▪ Coordinates handling of data subject rights requests including access, correction,
deletion, objection, restriction, and monitor compliance with statutory timelines.
▪ Conducts periodic data protection compliance reviews across business units and ICT
systems and monitor implementation of corrective actions.
▪ Supports coordination of data breach and incident response activities, including
impact assessment preparation of regulatory notification documentation.
▪ Supports engagement with the Data Protection Authority (POTRAZ) and prepare
compliance documentation for inspections, enquiries, and regulatory reviews.
▪ Assesses data protection maturity of third-party vendors and processors and monitor
remediation of identified compliance gaps.
▪ Reviews new systems, projects, and process changes to ensure privacy-by-design
principles are applied and privacy risks are addressed at design stage.
▪ Identifies and document data protection risks and maintain privacy risk and issue
registers to support enterprise risk reporting.
▪ Supports development and delivery of data protection awareness and training
programmes and evaluate effectiveness of initiatives.
▪ Supports internal and external audits relating to data protection and privacy and
track closure of audit findings.
▪ Conducts any other duties as may be assigned.
Qualifications and Experience
2.2 Job Skills and Competencies
▪ Self-starter with the ability to work under pressure and beyond stipulated hours.
2
▪ Unquestionable integrity and commitment to duty.
▪ Good analytical skills.
▪ Ability to interact with various departments such as Legal Compliance, Audit and
internal and external stakeholders in Information Technology.
▪ Good communication and interpersonal skills.
▪ Good organisational, people and time management skills.
2.3 Qualifications and Experience
▪ Bachelor’s degree in information systems, Computer Science, Risk Management, Data
Science, Information Management, Law, Business Studies or a related field is a must
▪ A Postgraduate degree in Information Technology, Risk Management, Data Analytics,
or related fields is an added advantage.
▪ Certified Data Protection Officer (POTRAZ) certification is a must.
▪ Certification in ICT Governance, Risk or Security such as CRISC, CISM, CISA, CISSP,
COBIT or ISO / IEC 27001 Lead Implementer / Lead Auditor or equivalent is a must.
▪ At least five (5) years postgraduate experience in data privacy / protection.
▪ Experience in Customs / Domestic Taxes or Tax environment is an added advantage.
How to Apply
Interested candidates should submit applications, accompanied by a detailed Curriculum
Vitae by 28 March 2026, All applications should be emailed to:
ZimraRecruitment@zimra.co.zw clearly stating the position applied for and
addressed to:
The Director, Human Capital
Zimbabwe Revenue Authority
6th Floor ZB Centre
Corner First Street / Kwame Nkrumah Avenue
P. O. Box 4360
HARARE
Please note that only shortlisted applicants will be responded to and females are
encouraged to apply.
