KNOWLEDGE, SKILLS & EXPERIENCE

Academic

Bachelor’s degree in Law, Information Systems, Computer Science, Business, Risk Management, or a related discipline.

Professional

• Certification or formal training in:
  
• Data Protection & Privacy (e.g., DPO Certification, GDPR/Data Protection short courses)
  
• Membership or affiliation with data protection or information security bodies is an added advantage.
  

Desired Work Experience

• 2–4 years’ experience in data protection, compliance, IT risk, legal compliance, or information security, preferably within a regulated financial institution.
  
• Demonstrated exposure in:
  • Kenya Data Protection Act requirements
    
  • Data mapping and processing inventories
    
  • Privacy impact assessments or compliance reviews
    

Data Protection Compliance

• Support implementation and day-to-day operation of the Bank’s Data Protection & Privacy Framework in line with the Kenya Data Protection Act and ODPC guidance.
  
• Assist the Data Protection Officer (DPO) in maintaining regulatory compliance.
  
• Support the administration and updating of data protection policies, standards procedures, and guidelines.
  

Data Inventory & Mapping

• Maintain the Bank’s Register of Processing Activities (RoPA).
  
• Coordinate periodic data mapping exercises across systems, vendors, and business units to ensure completeness and accuracy.
  
• Maintain and monitor data retention schedules for compliant disposal of records in accordance with regulatory and the Bank
  

Privacy Impact Assessments

• Conduct and document Data Protection Impact Assessments (DPIAs) for new products, systems, outsourcing arrangements, and process changes.
  
• Track implementation of privacy risk mitigation actions.
  

Data Subject Rights Management

• Coordinate responses to data subject requests (access, correction, deletion, objection).
  
• Ensure statutory timelines and documentation requirements are met.
  
• Assist in preparing reports, presentations, and compliance dashboards
  

Monitoring & Assurance

• Monitor compliance with privacy policies, consent requirements, data retention schedules, and cross-border data transfer controls.
  
• Support internal audits, regulatory reviews, and compliance assessments relating to data protection.
  
• Support the performance of third-party risk assessments and coordinate the tracking/closure of identified data privacy risks.
  
• Assess and identify data privacy risks for both existing and new projects, ensuring that privacy is embedded from the start (Privacy by Design) and that default settings protect personal data (Privacy by Default).
  

Training & Awareness

• Deliver data protection and privacy awareness training to staff.
  
• Provide practical guidance to business units on handling personal data securely.
  
• Conduct research on emerging privacy trends, regulatory updates, and best practices including
  

Incident Management

• Support investigation and documentation of data breaches and privacy incidents.
  

• Assist with regulatory notifications and internal reporting where required.
  

PERFORMANCE OBJECTIVES

• Maintain up-to-date processing inventories and DPIA records.
  
• Ensure timely responses to data subject requests.
  
• Sustain compliance with data protection audit outcomes.