Compliance Risk Management Senior Officer – East Africa Data Protection Officer (DPO) at Citi

Serves as a senior compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protect the franchise. In addition, engages with the ICRM product and function coverage teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework.

Responsibilities:

• Designing, developing, delivering and maintaining best-in-class Compliance, programs, policies and practices for ICRM.
• Translating ICRM strategy and goals across Citi’s clients, products and geographies in a succinct and clear manner; provide direction and guidance on the programs. Serves as a subject matter expert on Citi’s Compliance programs.
• Providing oversight and guidance over the assessment of complex issues, structuring potential solutions and driving effective resolution with other stakeholders.
• Identifying and assessing Citi’s key compliance risks. Ensuring compliance risks within Citi are effectively identified, measured, monitored, and controlled, consistent with the bank’s risk appetite statement and all policies and processes established within the risk governance framework.
• Monitoring adherence to Citi’s Compliance Risk Policies and measuring compliance risk through a robust control framework and ensuring that reviews are conducted consistently across each entity on a regular basis to confirm that controls identified are operating effectively.
• Performing complex analyses of comparative data, preparing and presenting regional and global reports related to compliance risk assessments, and monitoring of compliance related issues.
• Partnering, collaborating and working with other areas within Citi, as necessary.
• Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas.
• Additional duties as assigned:
• Acting as the East Africa Data Protection Officer with lead responsibility for advising and monitoring data protection requirements, and escalating matters as appropriate to the EMEA Chief Privacy Officer, the East Africa Compliance Officer and relevant governance forums;
• Facilitating compliance with and advising on local data protection, privacy and banking confidentiality laws to Citi branches and subsidiaries across  East Africa;
• Managing and assisting with the implementation of the global privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting; providing recommendations on operationalizing solutions across East Africa and sharing leading practices with other DPOs and business stakeholders;
• Acting as a point of contact between Citi Legal Entities in East Africa and the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy including local regulatory reporting as required by country privacy laws and joining forums organized by external bodies, where appropriate;
• Advising Country Senior Management and staff on data processing requirements provided under local laws and facilitating capacity building and training to staff involved in data processing operations;
• Promoting privacy by design working with local Product, Function and technology teams, and reviewing and advising on East Africa data protection impact assessments, where necessary; developing an understanding of local data processing activities, data flows and associated privacy risks.
• Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances;
• Ensuring that regular assessment and audits are conducted to ensure compliance with local data protection laws;
• Monitoring and advising on the completion and maintenance of records of processing activities;
• Advising on privacy-related considerations and requirements during the investigation of security incidents including advising on notifications to local privacy regulators;
• Advising on the implementation of new data protection, privacy and banking confidentiality laws in Citi Legal Entities across East Africa, working closely with first line In-Business Privacy Officers, local Product and Function teams and Country Legal and Compliance
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• Expertise of Compliance laws, rules, regulations, risks and typologies;
• Excellent written, verbal and analytical skills
• Must be a self-starter, flexible, innovative and adaptive;
• Highly motivated, strong attention to detail, team oriented, organized
• Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging
• Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level
• Experience in managing regulatory exams and relationships with examiners, auditors etc.
• Awareness of regulatory requirements including local and US laws, international and industry standards
• Advanced knowledge in area of focus

Education:

• Required Bachelor’s degree; experience in compliance, legal or other control-related function preferably in a financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof; knowledge of the local privacy laws and regulations in Kenya, Uganda, Zambia, Tanzania and Rwanda; experience in advising on and implementing practical solutions for privacy/compliance issues

Knowledge and skills

Required:

Expertise of Compliance laws, rules, regulations, risks and typologies, specifically privacy and data protection laws, rules and regulations in East Africa;

• Excellent written, verbal and analytical skills
• Must be a self-starter, flexible, innovative and adaptive;
• Highly motivated, strong attention to detail, team oriented, organized
• Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging
• Ability to work collaboratively with regional and global partners in other functional units; 
• ability to navigate a complex organization; to influence and lead people across cultures at  a senior level
• Experience in managing regulatory exams and relationships with examiners, auditors, etc.
• Awareness of regulatory requirements including local, European and US privacy laws, international and industry standards                                            
• Advanced knowledge in area of focus (privacy and data protection generally)
• Ability to promote a data protection and privacy compliant culture within the organization
• Understanding of data security and information technology
• Written and spoken English language skills (professional proficiency)
• Preferred: Knowledge and experience in understanding personal data processing activities and  managing areas relevant to privacy and data protection (e.g. information security; data governance; third party risk management)
• Knowledge of IT systems in financial services organizations

Other:

• IAPP CIPP, CIPM, CIPT or other Data Protection Officer certification (existing or pending)
• CISSP and CIPM and other Information Security-related certifications are a plus