Job Description
PURPOSE:
The holder of the role will work closely with the Compliance and Information Security functions to develop and monitor policies and standards that apply to the business and comply with the Data Protection Act.
The Data Protection Officer will monitor compliance and data practices internally to ensure that the business and its functions meet the applicable requirements of the Data Protection Act.
S/He will be responsible for staff training and data protection impact assessments, and will be the primary contact for supervisory authorities and for individuals whose data the organization processes.
PRIMARY RESPONSIBILITIES
• Establishing the Data Protection framework and implementation plan, and developing policies, including templates for data collection, and assisting with data mapping.
• Guiding the various subsidiaries and departments on implementing the Data Privacy requirements and supporting them to ensure compliance with the Data Protection Act (including how to deal with privacy breaches).
• Creating and maintaining a comprehensive register of all data processing activities conducted by the company, including the purpose of each processing activity, which must be made public on request.
• Training stakeholders involved in data collection/processing, updating the training requirements, and conducting specific training for particular processing requirements.
• Conducting reviews to ensure compliance and accountability and to address potential issues proactively.
• Ensuring that IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
• Supporting the business in preparing privacy statements for each processing operation, and ensuring processes are in place so that the privacy statement is provided to data subjects on all company forms and/or literature, websites and other communication or data collection media.
• Collaborating with the Information Security function to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents, including impact assessments, security breach response, complaints, claims or notifications, and responses to subject access requests (SARs).
• Creating an information base: an intranet page for data protection in the institution which includes privacy statements, the institution's Data Protection guidelines/instructions, quality assurance reports, periodic Data Protection reports, and any other material that may be helpful to the controllers and staff of the organization.
• Serving as the point of contact between the company and the regulatory authorities, and co-operating with them during inspections by answering any complaints or queries raised.
• Interfacing with data controllers and data subjects to inform them about the use of their data, their data protection rights, obligations and responsibilities, and the measures the company has put in place to protect their personal information, and to raise awareness of the above.
• Providing quarterly status updates to senior and middle management and drawing immediate attention to any failure to comply with the applicable data protection rules.
• Preparing an annual work programme at the beginning of each year for sign-off.
PERSON SPECIFICATIONS
Academic Qualifications
• Law degree from an accredited law school or Bachelor of Science in Computer Science.
Professional Qualifications
• Data Protection and/or Privacy certification, such as those of the International Association of Privacy Professionals (IAPP): Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Information Technology (CIPP/IT).
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA) certification
• Certified Information Security Manager (CISM) certification
Experience
• Minimum of three (3) years' relevant experience in a compliance/audit environment within the financial services industry, preferably in insurance or banking.
• Has carried out at least one Data Protection Impact Assessment exercise.
Skills and Attributes
• Expertise in data protection law and practice.
• Software proficiency.
• Reliable and independent.
• Management and organization skills.
• Business acumen.
• Excellent communication.
• Negotiation and conflict resolution skills.
• Time management.
• Results driven.
• Strategic thinking and decision making.
• Ability to exercise independent judgment and discretion.
• Data analytics.
• Interpersonal skills.
• Integrity.
• Planning and organizing.
• Discretion and confidentiality.
If you have the aforementioned professional and academic qualifications and you are ready to execute the above mandate, apply only through https://cic.co.ke/job-application, clearly indicating the position being applied for.
The application should reach us by close of business on 5th October, 2021.
Please note that only shortlisted candidates will be contacted. If you do not hear from us by 15th October, 2021, consider your application unsuccessful.