Job Ref. No: JLIL035
Role Purpose
The purpose of this role is to establish, implement and enforce a robust Group-wide Data Protection and Compliance Framework and Systems (policies, processes, and tools), to ensure that the different companies within Jubilee Insurance are compliant with the Data Protection Act and Regulations.
Main Responsibilities
Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
Guiding the various Companies, their departments, and all support functions on implementation of Data Protection Act 2019 requirements and supporting them to ensure compliance with the Act.
Regularly training all internal stakeholders involved in data collection/processing, updating the training, and conducting specific trainings for specific processing requirements.
Conducting audits to ensure compliance, accountability and address potential issues proactively.
Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised with regards to Data Protection.
Monitoring performance and adherence to the requirements of the regulation while providing advice on the data protection impact assessment.
Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities, which must be made public on request.
Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, measures the companies and support functions have put in place to protect personal and/or sensitive information and raise awareness on all of the above.
Give advice and recommendations to the institutions/support functions and their employees on the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
Handle queries or complaints internally or externally regarding data confidentiality and use.
Providing status updates to the Compliance Manager, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
Support the business in preparation of digital and other privacy statements as may be required for the institutions and supporting functions and ensure processes are put in place for the institutions/support functions to collect consents from the relevant data subjects and partners, have relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
Prepare an annual work programme at the beginning of each year.
Key Competencies
Expertise in data protection law and practice
A complete understanding of the company’s IT infrastructure, technology, technical and organizational structure.
Experience and knowledge of the organization’s data processing operations and the level of data protection required for what is
Should be both reliable and independent, with no prior commitments that would interfere with the monitoring responsibilities of the Data Protection
Should have excellent management skills and be able to interface easily with both internal staff at all levels and outside
Personal skills: integrity, initiative, organization, perseverance, discretion, ability to assert himself/herself in difficult circumstances, interest in data protection and motivation to be a Data Protection
Interpersonal skills: Communication, Negotiation, Conflict Resolution and Ability to build working relationships.
Qualifications
Bachelor of Commerce/Bachelor of Science in Computer Science/Bachelor of Laws
Computer Software Packages
Privacy Professional Certifications provided by the International Association of Privacy Professionals (IAPP) such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Information Technology (CIPP/IT).
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA) certification
Certified Information Security Manager (CISM) certification
Relevant Experience
Minimum of 3 years’ relevant experience in a mid-management level in a compliance/audit environment, within the financial services industry but preferably in the insurance or banking industry.
Please apply via Recruitment@jubileekenya.com quoting the Job Reference Number and Position by 23rd February 2022. Only shortlisted candidates will be contacted.