To fulfill the primary objectives of this position, the successful candidate will be responsible for driving key initiatives that align with organizational goals. The role requires a proactive approach to problem-solving, ensuring efficient and effective execution of assigned tasks. The individual will collaborate closely with cross-functional teams to achieve project milestones and meet performance targets. Strong analytical skills, adaptability, and the ability to work under pressure in a dynamic environment are essential. Additionally, the role demands a commitment to continuous improvement and the capacity to mentor junior staff when necessary.
The successful applicant will possess deep expertise in international data protection regulations and will oversee the organization’s adherence to compliance and ethical standards in the processing of personal data. A primary focus will be developing a robust framework to facilitate lawful data exchange across multiple business licenses and regulatory jurisdictions, thereby streamlining customer onboarding (achieving a “One Customer View”) while maintaining stringent data privacy and security protocols.
Oversee and execute core responsibilities encompassing strategic planning, project management, and cross-functional collaboration to drive organizational objectives. Ensure adherence to established policies and procedures while maintaining high standards of quality and efficiency. Facilitate communication between departments to streamline operations and enhance productivity. Monitor performance metrics and implement improvements as needed to achieve departmental and company-wide goals.
The role involves overseeing strategy formulation and ensuring robust governance practices are implemented across the organization. Key responsibilities include developing long-term strategic plans, aligning them with business objectives, and monitoring their execution. Additionally, the position requires establishing and enforcing governance frameworks to maintain compliance, mitigate risks, and promote ethical decision-making. Strong leadership, analytical skills, and the ability to collaborate with senior stakeholders are essential for driving alignment and accountability.
Formulate, execute, and sustain BKL’s data protection strategy, policies, standards, and procedures to ensure robust security and compliance measures.
Develop and implement an enterprise-wide data governance framework, establishing a centralized authority to oversee all data protection initiatives.
Act as the main liaison for data protection authorities and other regulatory bodies concerning data-related matters.
Provide strategic guidance to the Board and senior management regarding data protection and privacy, ensuring they remain fully apprised of their legal obligations, potential risks, and the broader strategic implications arising from evolving regulatory frameworks.
Develop and maintain a thorough data inventory and detailed data flow maps encompassing all personal data processed by BKL, as well as that within its third-party ecosystem.
Ensures adherence to regulatory requirements and mitigates organizational risks through systematic identification, assessment, and mitigation strategies, safeguarding the integrity and sustainability of business operations while maintaining compliance with applicable laws, industry standards, and internal policies.
Ensure adherence to all applicable data protection regulations, including GDPR and the Kenya Data Protection Act, as well as internal policies.
Convene and manage Data Protection Impact Assessments (DPIAs) for emerging products, systems, and operational processes—particularly those facilitating data sharing across organizational divisions, such as the exchange of bank KYC data with affiliated insurance entities.
Compile and oversee a thorough inventory detailing all data processing operations, ensuring compliance with relevant regulations and internal policies.
Develop a structured system to efficiently process and address data subject requests—such as those for access, rectification, or erasure—in accordance with regulatory timelines and compliance standards.
Serve as the primary liaison between the organization and data protection authorities, as well as regulatory bodies, on all matters pertaining to data governance and compliance.
Ensure compliance by submitting all required registrations and notifications to the appropriate data protection authorities without delay.
Responsibilities include supervising the administration and evaluation of data subject rights requests, such as those related to access, rectification, and erasure, to guarantee prompt handling and full legal compliance.
Identify, evaluate, and address data protection risks within BKL and its third-party ecosystem to ensure robust safeguards.
Verify that third-party contracts and data-sharing agreements incorporate comprehensive data protection provisions and conduct thorough due diligence on all partners involved in processing personal data.
We facilitate seamless access to and exchange of information across organizational boundaries, implementing robust frameworks to ensure secure and efficient data dissemination while maintaining compliance with applicable regulations and standards. This role requires expertise in data governance, interoperability protocols, and privacy-preserving techniques, along with proficiency in relevant technologies and tools. Key responsibilities include developing policies that govern data sharing practices, overseeing cross-platform integration initiatives, and collaborating with stakeholders to align data-sharing strategies with business objectives while mitigating risks associated with unauthorized access or misuse.
To develop and execute both legal and technical frameworks that enable BKL and its stakeholders—including third parties, collaborators, and affiliated entities—to share data in a lawful and secure manner.
Conduct a thorough assessment of the Intra-Group Data Sharing Agreements, which precisely outline the objectives, legal framework, and protective measures governing the exchange of customer data to streamline the onboarding process.
Provide strategic guidance to the organization on implementing data anonymization, pseudonymization, and other privacy-enhancing methodologies to mitigate risk exposure while advancing key business goals.
The role involves overseeing and resolving IT incidents to minimize downtime and ensure smooth operations. Duties include identifying, documenting, and escalating incidents, collaborating with technical teams to restore services, and conducting post-incident reviews to prevent recurrence. Strong problem-solving skills and proficiency in incident tracking tools are required. Additionally, the position demands clear communication with stakeholders to provide updates and resolutions efficiently.
Develop and oversee the BKL data breach incident response plan to ensure comprehensive preparedness and effective execution.
Investigate, mitigate, and report data breaches or privacy incidents in coordination with IT security and legal teams.
Develop and execute a comprehensive data breach response strategy, overseeing the investigation and documentation of any incidents involving the disclosure or compromise of personal data.
We are seeking a skilled professional to develop and deliver comprehensive training programs and awareness initiatives designed to enhance employee skills and ensure organizational compliance. This role requires the ability to assess training needs, design engaging learning materials, and implement effective instructional strategies. The successful candidate will collaborate with department leaders to identify key competency gaps, coordinate training schedules, and evaluate program effectiveness through feedback and performance metrics. Strong communication skills, a deep understanding of adult learning principles, and proficiency in learning management systems are essential to excel in this position.
To create and implement a compulsory data protection training initiative for all employees and contractors throughout the Bank.
Foster a company-wide commitment to embedding privacy principles and data protection best practices into all organizational processes and decision-making.
Offer strategic counsel and support to business units—including Banking, Insurance, Mobile Payments, and Foundation—regarding data protection best practices tailored to their operational needs.
Collaborate effectively with IT and Information Security teams to verify that suitable technical and organizational safeguards are implemented to protect personal data.
Develop and implement key performance indicators and reporting frameworks to assess the efficacy of the data protection program, ensuring transparency in compliance status for senior leadership and the Board.
Collaborate closely with the Group and other stakeholders to engage with regulators regarding draft regulations, contributing valuable insights that help develop a practical and effective data protection framework.
Qualifications
Applicants must possess a relevant academic qualification and demonstrated professional experience in the field to be considered for this opportunity.
A Bachelor’s degree in Law, Information Technology, or a related discipline is required. Possession of a Master’s degree would be advantageous.
Professional certification in data protection and privacy, such as CIPP/E, CIPT, CIPM, or FIP, is a mandatory qualification for this role.
A minimum of eight to ten years of progressive experience in a senior data protection capacity, ideally within a multifaceted financial services or technology enterprise operating across multiple jurisdictions, is required.
Possesses advanced expertise in key global data protection regulations, with a particular emphasis on GDPR and the legal frameworks governing data protection across African jurisdictions, and demonstrates proficiency in their real-world implementation.
Proven track record in designing, executing, and sustaining privacy frameworks across the entire enterprise.
Experienced in IT security controls and privacy-enhancing technologies.
Proficient in strategic planning, project management, and data analysis to drive informed decision-making and operational efficiency. Strong leadership abilities to guide cross-functional teams, foster collaboration, and inspire high performance. Excellent communication skills to articulate complex ideas clearly and adapt messaging for diverse audiences. Demonstrated proficiency in identifying business opportunities, mitigating risks, and optimizing processes to achieve organizational objectives. Adept at problem-solving and critical thinking to navigate challenges and implement innovative solutions. Capable of managing multiple priorities with attention to detail and adherence to deadlines.
Possesses comprehensive expertise in international data protection principles and regulations, including GDPR, along with specialized knowledge of critical data protection laws across Africa.
Demonstrated expertise in designing and executing comprehensive privacy frameworks across the entire organization.
Demonstrates a capacity to devise and implement a forward-thinking strategy for safeguarding data, ensuring alignment with the organization’s overarching business goals.
Leadership & Influence: Exceptional leadership capabilities, coupled with the skill to effectively influence and foster consensus among high-level executives, business leaders, and external stakeholders.
Possesses outstanding communication and interpersonal abilities, adept at translating intricate legal and technical information into clear, accessible language for diverse audiences.
Demonstrated expertise in cultivating and sustaining robust connections with key internal stakeholders, regulatory authorities, and industry associations.
Strong analytical and problem-solving abilities are required to evaluate risks, interpret regulatory requirements, and implement practical, effective solutions.
Upholding the highest standards of integrity and professional ethics is essential.
Interested applicants should submit their materials through the prescribed application method. This approach ensures a standardized process for all candidates. The method of application may include online submissions, email correspondence, or postal mail, depending on the specific instructions provided. Candidates are advised to follow these guidelines closely to ensure their application is processed efficiently and considered for further review.
To submit your application, kindly utilize the provided link(s) on the company’s official website.
Qualifications
BA/BSc/HND, MBA/MSc/MA, Professional Certificate
Experience Required
8 - 10 years