Data Protection Officer
Job Ref No. HR/023/2022
Available Position: 1
Location: Head Office
Reporting to: Head Compliance
Position Scope: The job holder is responsible for overseeing the Bank’s data protection strategy, implementation of data protection principles and ensuring effective compliance across the Bank.
- Act as the primary point of contact within the Bank for data privacy issues for members of staff, regulators, and any relevant data protection authorities.
- Ensure the Bank’s policy is in accordance with the Data Protection Act, 2019.
- Evaluate the existing data protection framework and identify areas of non or partial compliance and resolve any issues.
- Conduct regular assessment to ensure the Bank’s compliance with the data protection laws.
- Devise training plans and provide training to staff regarding data protection, compliance for those who are involved in processing sensitive personal data and personal data to raise levels of awareness of data protection issues throughout the business. He/she will also provide data protection advice and support to members of staff.
- Be proactive in horizon scanning for proposed and actual changes to data protection laws and guidance to ensure awareness of changes in the regulatory environment, and to advise the business on how to be market-leading in its data protection strategy.
- Review and advise the business teams in relation to data subject access requests and support the teams to provide responses. Advise the business teams on any matters in relation to data protection compliance.
- Promote a culture of data protection compliance across all units of the Bank and conduct periodic audits to ensure data privacy processes are being followed.
- Always evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated.
- Take ownership of data protection documentation and reporting requirements, including records of processing activities, data protection impact assessments, data incident records and data breach reporting, and conduct periodic compliance assessments of these.
- Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).
- Performing regular data privacy assessments to ensure compliance and proactively address potential issues
- Evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated at all times.
- Responding to data subjects about how their personal data is utilized and measures the Bank has put in place to protect their data.
Education, Professional Qualifications, Experience & Skills
- Bachelor’s degree in Information Technology, Legal, Risk Management or business related field from a recognised university.
- Professional Certification in CISA, CISM, CRISC, CDPSE or; CIPP/CIPM
- Masters degree in Data Management or a business related field will be an added advantage.
- At least 6-8 years’ working experience within risk management, internal audit, compliance, 4 of which should be in Data Privacy laws within the region and/or EU Data Privacy laws.
- Working experience in Risk, Compliance or Legal function, with recent experience in privacy compliance.
- Conversant with Banking regulatory requirements
- Experience in Branch Operations.
- Expertise in MIS.
- Knowledge of AML/KYC policy
- Excellent analytical skills.
- Excellent report writing skills
- Good Inter-personal sensitivity.
- Action and result orientation.
- Excellent communication & inter-personal skills
- Good presentation skills
How to Apply:
Send your CV and application letter showing how you meet the role requirement stated above to: Recruitment@nationalbank.co.ke by Monday, 3rd October 2022.
Please note that applications received after the deadline will not be considered.
Only shortlisted candidates will be contacted for the next stage/s of the process.