Data Protection Officer at Ecobank Kenya

Job Description

• Develop and oversee the bank's data protection policies, procedures, and practices to ensure full compliance with the Data Protection Act, 2019, and other applicable laws.
• Conduct comprehensive data protection impact assessments and risk analyses to identify vulnerabilities and enforce risk mitigation strategies.
• Design and deliver comprehensive data protection and privacy training programs to all staff members, fostering a data-conscious culture within the bank.
• Act as the primary contact for the Office of the Data Protection Commissioner (ODPC) and other regulatory bodies, managing all data protection-related communications, inquiries, and audits.
• Ensure efficient and lawful handling of all data subject requests, including access, rectification, deletion, and data portability requests.
• Lead the bank's response to data protection incidents, including data breaches, ensuring timely notification to regulatory authorities and affected individuals when necessary.
• Assess and monitor third-party vendors and service providers to ensure compliance with data protection standards, including overseeing data processing agreements.
• Provide expert advice to senior management and colleagues on data protection, privacy issues, and the impact of legislative changes.
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and data protection program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the bank.
• Develop and manage information security and risk management awareness training programs for all employees.
• Lead security incident response efforts, including investigation and reporting of security breaches and other cybersecurity incidents.
• Maintain comprehensive records of all data processing activities conducted by the bank, including the purposes of the processing and data sharing agreements with third parties.
• Monitor data management procedures and processes within the Bank ensuring compliance to regulatory requirements, Group and Affiliate data protection policies.
• Maintain records of all mapping of data processing operations within the Bank
• Advise the data controller or data processor and their employees on data processing requirements provided under the Data Protection Act, 2019, Privacy Information Management System (ISO 27701) or any other written law.
• To prepare regular update reports on the Data Protection compliance program to Head, Infosec, Management, Board updates and any other relevant stakeholders.
• Monitors compliance with information security policies and procedures, referring exceptions to the Country Information Security Head.