Role Purpose
The purpose of this role is to establish, implement, and enforce a robust group-wide Data Protection Compliance framework and systems to ensure the Group and its subsidiaries are compliant with the Data Protection Law and regulations.
The job holder will be a member of the Data Protection Technical Committee (DPTC) responsible for implementing Information Risk and Data Protection programs with the Group.
Duties and Responsibilities
Advise the Group and employees on data processing requirements provided under this Act or any other written law;
Ensure on behalf of the Group, that the Data Protection Act is complied with;
Facilitate capacity building of staff involved in data processing operations;
Provide advice on data protection impact assessment;
Co-operate with the Data Commissioner and any other authority on matters relating to data protection;
Defining a Group Data Protection compliance program;
Champion Data Protection compliance;
Develop data protection implementation plan and strategies;
Interpreting data in relation to data protection laws;
Analyzing and classifying data on behalf of the Group;
Identifying patterns and trends in data sets;
Regularly conduct Data Protection Impact Assessments;
Implementing an effective compliance training program on data protection;
Identify, analyze, and interpret trends or patterns in complex data sets;
Coordinate reporting of data breaches to the Data Protection Commissioner;
Respond to all data protection queries on behalf of the Group;
Issue and respond to any notice on data breach;
Work with the Data Protection Committee to align data protection policies with the relevant laws;
Work with management to prioritize business and information security needs;
Identify and define new process improvement opportunities on data protection;
Develop, monitor, and update detailed data protection policies and procedures;
Report on compliance gaps noted and ensure that the needed improvements are recommended;
Work with the legal team to ensure full compliance with all data protection laws;
Promote a culture of data protection across all departments of the organization.
Qualifications and Experience
Bachelor’s Degree in Computer Science, Information Technology or Law from a reputable institution;
Knowledge of the Data Protection Act & General Data Protection Regulations (GDPR) is an added advantage;
Professional certifications (e.g. CISA, CISM or CISSP) or a similar certification;
Professional certification in privacy such as CIPP;
Minimum of 3 years' experience in an IT security, risk management, compliance, or audit-related role, preferably within the insurance or banking industry at a senior level.
Deadline: 31st March 2022
Qualified candidates are requested to forward their applications together with their CVs and copies of documents to the Group HR Manager on hr_recruitment@madison.co.ke