Data Protection Officer at KCB Bank Kenya

The Position:

Reporting to the Group Chief Risk Officer, the Data Protection Officer will oversee the Bank’s data protection strategy, implementation of data protection principles and ensuring effective compliance across the Bank.

Key Responsibilities:

• Act as the primary point of contact within the Bank for members of staff, regulators, and any relevant data protection authorities.
• Ensure the Bank’s policy is in accordance with the Data Protection Act, 2019.
• Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues.
• Conduct regular assessment to ensure the Bank’s compliance with the data protection laws.
• Will be responsible for devising training plans and providing training to staff regarding data compliance for those who are involved in processing sensitive and personal data to raise levels of awareness of data protection issues throughout the business. He/she will also provide data protection advice and support members of staff.
• Be proactive in horizon scanning for proposed and actual changes to data protection laws and guidance to ensure awareness of changes in the regulatory environment, and to advise the business on how to be market-leading in its data protection strategy.
• Review and advise the business teams in relation to data subject access requests and support the teams to provide responses. Advise the business teams on any matters in relation to data protection compliance.
• Promote a culture of data protection compliance across all units of the organization.
• Identify and evaluate the Bank’s data processing activities and keep the Bank’s data processing inventory updated at all times.
• Take ownership of data protection documentation and reporting requirements, including records of processing activities, data protection impact assessments, data incident records and data breach reporting, and conduct periodic compliance assessments of these.
• Responding to data subjects to inform them about how their personal data is being used and what measures the Bank has put in place to protect their data.
• Offer consultation on how to deal with privacy breaches.
• Work collaboratively and proactively with the legal and compliance team in relation to data protection issues.
• Inform and advise the Data Controller or Data Processor on all matters related to data protection.
• Perform other related duties as emanates from the post, as and when assigned by the Supervisor.

Job Requirements:

For the above position, the successful applicant should have the following:

• Degree in Information Technology, Legal, Risk Management or Business-related field
• Hold at least one Data Protection and/or Privacy certification, CISA, CRISC, CDPSE
• Minimum of 8 years’ experience within a Risk, Compliance or Legal function, with experience in Privacy Compliance.
• Experience in Data Privacy laws within the region and/or EU Data Privacy laws.
• Excellent communication skills and the ability to establish and maintain trust and credibility at all levels
• Able to work under pressure and meet deadlines.
• Proficient in the use of Microsoft Office products
• Ability to lead, influence and drive change initiatives in support of business strategies within the department/unit
• Demonstrated business acumen - able to create strategy and actions that impact business success.
• Creativity and innovation skills, with ability to use technology and other modern tools to drive decision making and implementation.
• Professionalism and integrity in line with the Bank values.
• High-level oral and written communication skills.
• Strong analytical skills with the ability to understand complex information and communicate this in a non-specialist format to the wider business.
• A proven ability to provide independent, objective views of risk and innovative solutions to problems, with the capability to articulate these up to board level.
• Personal motivation and drive exhibited through commitment to hard work, continuous improvement, and achievement of goals.
• Good customer relationship management skills (internal and external customers)
• Risk awareness and focus to demonstrate an understanding of risk management practices, standards, and regulatory requirements
• Effective stakeholder management.