Data Protection Officer – National Bank of Kenya – Nairobi

Position Scope:
The job holder is responsible for overseeing the Bank’s data protection strategy, implementation of data protection principles and ensuring effective compliance across the Bank.

Key Responsibilities:
Act as the primary point of contact within the Bank for data privacy issues for members of staff, regulators, and any relevant data protection authorities.
Ensure the Bank’s policy is in accordance with the Data Protection Act, 2019.
Evaluate the existing data protection framework and identify areas of non or partial compliance and resolve any issues.
Conduct regular assessment to ensure the Bank’s compliance with the data protection laws.
Devise training plans and provide training to staff regarding data protection, compliance for those who are involved in processing sensitive personal data and personal data to raise levels of awareness of data protection issues throughout the business. He/she will also provide data protection advice and support to members of staff.
Be proactive in horizon scanning for proposed and actual changes to data protection laws and guidance to ensure awareness of changes in the regulatory environment, and to advise the business on how to be market-leading in its data protection strategy.
Review and advise the business teams in relation to data subject access requests and support the teams to provide responses. Advise the business teams on any matters in relation to data protection compliance.
Promote a culture of data protection compliance across all units of the Bank and conduct periodic audits to ensure data privacy processes are being followed.
Always evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated.
Take ownership of data protection documentation and reporting requirements, including records of processing activities, data protection impact assessments, data incident records and data breach reporting, and conduct periodic compliance assessments of these.
Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).
Performing regular data privacy assessments to ensure compliance and proactively address potential issues
Evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated at all times.
Responding to data subjects about how their personal data is utilized and measures the Bank has put in place to protect their data.

Education, Professional Qualifications, Experience & Skills
Bachelor’s degree in Information Technology, Legal, Risk Management or business related field from a recognised university.
Professional Certification in CISA, CISM, CRISC, CDPSE or; CIPP/CIPM
Masters degree in Data Management or a business related field will be an added advantage.
At least 6-8 years’ working experience within risk management, internal audit, compliance, 4 of which should be in Data Privacy laws within the region and/or EU Data Privacy laws.
Working experience in Risk, Compliance or Legal function, with recent experience in privacy compliance.
Conversant with Banking regulatory requirements
Experience in Branch Operations.
Expertise in MIS.
Knowledge of AML/KYC policy
Excellent analytical skills.
Excellent report writing skills
Good Inter-personal sensitivity.
Action and result orientation.
Excellent communication & inter-personal skills
Good presentation skill

Method of Application
Send your CV and application letter showing how you meet the role requirement stated above to: by Monday, 3rd October 2022.