
  • Posted: Jul 7, 2022
    Deadline: Jul 21, 2022

    CIC Insurance Group Limited, commonly referred to as CIC Group, is an insurance and investment group that operates mainly in Kenya, Uganda, South Sudan and Malawi.


    Data Protection Officer


    • The bearer of the role will work closely with the Compliance and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the Data Protection Act.
    • The Data Protection Officer will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the Data Protection Act.
    • S/He will be responsible for staff training and data protection impact assessments as well as be the primary contact for supervisory authorities and individuals whose data is processed by the organization.


    • Establishing the Data Protection framework and implementation plan, and development of policies including developing templates for data collection and assisting with data mapping.
    • Guiding the various subsidiaries and departments on the implementation of the Data Privacy requirements and supporting them to ensure compliance with the Data Protection Act (including how to deal with privacy breaches)
    • Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities which must be made public on request.
    • Training stakeholders involved in data collection/processing, updating the training requirements as well as conducting specific trainings for particular processing requirements.
    • Conducting reviews to ensure compliance, accountability and to address potential issues proactively.
    • Ensuring that IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
    • Supporting the business in the preparation of privacy statements for each processing operation, and putting processes in place to ensure that the privacy statement is provided to data subjects on all company forms and/or literature, websites and other communication or data collection mediums.
    • Collaborating with the Information Security function to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).
    • Create Information Base: Create an intranet page for data protection in the institution which includes privacy statements, Data Protection guidelines/instructions of the institution/body, quality assurance reports, Data Protection periodic reports, and any other elements which may be helpful to the controllers and the staff of the organization.
    • Serving as the point of contact between the company and the Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised.
    • Interfacing with data controllers and data subjects to inform them about the use of their data, their data protection rights, obligations, responsibilities, the measures the company has put in place to protect their personal information and to raise awareness on the above.
    • Providing quarterly status updates to senior and middle management and drawing immediate attention to any failure to comply with the applicable data protection rules.
    • Prepare an annual work programme at the beginning of each year for sign off.


    Academic Qualifications

    • Law degree from an accredited law school or Bachelor of Science in Computer Science.

    Professional Qualifications

    • Data Protection and/or Privacy certification from the International Association of Privacy Professionals (IAPP), such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Information Technology (CIPP/IT)
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA) certification
    • Certified Information Security Manager (CISM) certification


    • Minimum of three (3) years’ relevant experience in a compliance/audit environment within the financial services industry, preferably in insurance or banking.
    • Have carried out at least one Data Protection Impact Assessment exercise.

    Method of Application

    Interested and qualified? Go to CIC Insurance on to apply
