Deputy Manager, Data Protection Compliance in Risk and Compliance Division at Central Bank of Kenya

Job Purpose

This role provides subject matter expertise in developing, implementing, and maintaining the Bank’s Privacy and Data Protection framework. It ensures compliance with applicable data protection laws and regulations, embeds privacy-by-design principles into business operations, and manages data-related risks across products, services, and third-party relationships.

Key Duties and Responsibilities

• Maintain, and monitor the bank’s Privacy & Data Protection Framework, policies and standards.
• Maintain records of processing activities and lawful basis inventory across departments and the Bank as a whole.
• Provide advisory on privacy-by-design for new products, digital channels and new technology implementations.
• Conduct Data Privacy Impact Assessments as required.
• Coordinate data protection inquiries, breach notifications, and inspections.
• Co-lead incident response for data protection incidents.
• Coordinate post incident root cause analysis and lessons learned to enhance controls.
• Embed privacy in third party risk management.
• Design and deliver role-based privacy and data awareness training.
• Oversee retention and disposal aligned to legal, regulations, and business needs and work with IT and Records Management to operationalize deletion and archive controls.
• Plan and execute privacy control testing, thematic reviews, and supplier audits.
• Track remediation and report control maturity and risk posture.
• Prepare data protection compliance reports and dashboards.

Qualifications

• Bachelor’s degree in Law, IT, Business, or related field
• Membership of good standing in relevant professional association/ Institute.
• Professional certifications such as CIPP/E, CIPM, or equivalent privacy qualification is an added advantage.

Work Experience

• Minimum 5 years' experience in data protection, privacy compliance, or related risk roles in an organization of similar size and complexity.