Data Protection Officer
Job Ref No. HR/023/2022
Available Position: 1
Division: Risk
Location: Head Office
Reporting to: Head Compliance
Position Scope: The job holder is responsible for overseeing
the Bank’s data protection strategy, implementation of data protection
principles and ensuring effective compliance across the Bank.
Key Responsibilities:
- Act
as the primary point of contact within the Bank for data privacy issues
for members of staff, regulators, and any relevant data protection
authorities.
- Ensure
the Bank’s policy is in accordance with the Data Protection Act, 2019.
- Evaluate
the existing data protection framework and identify areas of non or
partial compliance and resolve any issues.
- Conduct
regular assessment to ensure the Bank’s compliance with the data
protection laws.
- Devise
training plans and provide training to staff regarding data protection,
compliance for those who are involved in processing sensitive personal
data and personal data to raise levels of awareness of data protection
issues throughout the business. He/she will also provide data protection
advice and support to members of staff.
- Be
proactive in horizon scanning for proposed and actual changes to data
protection laws and guidance to ensure awareness of changes in the
regulatory environment, and to advise the business on how to be
market-leading in its data protection strategy.
- Review
and advise the business teams in relation to data subject access requests
and support the teams to provide responses. Advise the business teams on
any matters in relation to data protection compliance.
- Promote
a culture of data protection compliance across all units of the Bank and
conduct periodic audits to ensure data privacy processes are being
followed.
- Always
evaluate the Bank’s data processing activities and keep the Bank’s data
processing inventory updated.
- Take
ownership of data protection documentation and reporting requirements,
including records of processing activities, data protection impact
assessments, data incident records and data breach reporting, and conduct
periodic compliance assessments of these.
- Serving
as the contact point for data subjects on privacy matters, including DSARs
(data subject access requests).
- Performing
regular data privacy assessments to ensure compliance and proactively
address potential issues
- Evaluate
the Bank’s data processing activities and keep the Bank’s data processing
inventory updated at all times.
- Responding
to data subjects about how their personal data is utilized and measures
the Bank has put in place to protect their data.
Education, Professional Qualifications, Experience & Skills
- Bachelor’s
degree in Information Technology, Legal, Risk Management or business
related field from a recognised university.
- Professional
Certification in CISA, CISM, CRISC, CDPSE or; CIPP/CIPM
- Masters
degree in Data Management or a business related field will be an added
advantage.
- At
least 6-8 years’ working experience within risk management, internal
audit, compliance, 4 of which should be in Data Privacy laws within the
region and/or EU Data Privacy laws.
- Working
experience in Risk, Compliance or Legal function, with recent experience
in privacy compliance.
- Conversant
with Banking regulatory requirements
- Experience
in Branch Operations.
- Expertise
in MIS.
- Knowledge
of AML/KYC policy
- Excellent
analytical skills.
- Excellent
report writing skills
- Good
Inter-personal sensitivity.
- Action
and result orientation.
- Excellent
communication & inter-personal skills
- Good
presentation skills
How to Apply:
Send your CV and
application letter showing how you meet the role requirement stated above to: Recruitment@nationalbank.co.ke by Monday,
3rd October 2022.
Please note that
applications received after the deadline will not be considered.
Only shortlisted
candidates will be contacted for the next stage/s of the process.