The role is responsible for the management of compliance, recordkeeping, monitoring, and analytical functions involved with regulatory compliance, anti-fraud, Anti Money Laundering (AML), and Counter Terrorist Financing (CTF).

The role will further be responsible for Data Protection for CIC Africa Subsidiaries and will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the Data Protection Act. The DPO will be responsible for staff training and data protection impact assessments. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.

Duties will include:
Compliance Duties
1. Develop an appropriate Compliance Management framework, methodology and process to ensure compliance with all the set-up regulations.
2. Provide high quality Compliance advice to Business and Support functions on applicable internal policies, laws and regulations
3. Provide advice regarding Anti-money laundering compliance especially; client due diligence, KYC standards, internal policies and local regulations
4. Performing real time surveillance and support to prevent misconduct, promoting ethical standards, and monitoring and advising on rules, within the overall objective of reducing noncompliance risk to the business
5. Provide in depth analysis on changes to regulations and provide support to the Business on implementation
6. Carry out compliance monitoring and perform ad hoc investigations into matters or issues that are escalated to Compliance
7. Prepare draft operational policies to assist in compliance with laws and regulation for management approval.
8. Coordinate submission of regulatory returns
9. Prepare compliance reports for Management and the Board.

Data Protection Duties
1. Establishing the Data Protection framework and implementation plan, and development of policies including developing templates for data collection and assisting with data mapping.
2. Guiding the various subsidiaries and departments on the implementation of the Data Privacy requirements and supporting them to ensure compliance with the Data Protection Act (including how to deal with privacy breaches)
3. Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities which must be made public on request.
4. Training stakeholders involved in data collection/processing, updating the training requirements as well as conducting specific trainings for particular processing requirements.
5. Conducting reviews to ensure compliance, accountability and to address potential issues proactively.
1. Ensuring that IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
2. Support the business in preparation of privacy statements for each processing operation, and ensuring processes are put in place to ensure that the privacy statement is provided to the data subjects on all company forms and/or literature, websites and other communication or data collection mediums.
3. Collaborating with the Information Security function to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).
6. Create Information Base: Create an intranet page for data protection in the institution which includes privacy statements, Data Protection guidelines/instructions of the institution/body, quality assurance reports, Data Protection periodic reports, and any other elements which may be helpful to the controllers and the staff of the organization.
7. Serving as the point of contact between the company and the Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised.
8. Interfacing with data controllers and data subjects to inform them about the use of their data, their data protection rights, obligations, responsibilities, the measures the company has put in place to protect their personal information and to raise awareness on the above.
9. Providing quarterly status updates to senior and middle management and drawing immediate attention to any failure to comply with the applicable data protection rules.
10. Prepare an annual work programme at the beginning of each year for sign off.

Legal & Company Secretarial Duties
1. Provide technical support to the Company Secretary including organizing Board & management meetings, circulation of Board papers and minutes taking as and when required.
2. Drafting correspondences, prepare reports and proof-read documents as assigned.
3. Coordinate with external Counsel in availing required documentation and support with respect to Court Cases handled on behalf of the Company
4. Represent the Company in legal matters before Courts of Law where required
5. Draft and review Agreements, Contracts, and other legal documents as and when assigned.
6. Carry out legal research and provide reasoned legal opinion.
7. Continuous sensitization of staff of the policies, regulations and standards to be complied with.
8. Attend and actively participate in periodic meetings of the Legal Department, and take actions arising from the meetings.

Position Specifications Education
1. University Degree in law.
2. Professional Qualification
3. Minimum of 3 years’ relevant experience in a compliance/audit environment, within the financial services industry but preferably in the insurance or banking industry.

Key Competencies
1. Team player adaptable to fast-paced and changing environment and eager to learn.
2. Ability to manage tight processes, accuracy and attention to detail.
3. Ability to dive into the details and develop greater understanding of the CIC compliance requirement.
4. Highly disciplined person, self-motivated, and delivery focused.
5. Excellent time management skills – Be able to organize and meet monthly, quarterly and annual deadlines for multiple regulators.
6. Communication, Negotiation, Conflict Resolution and Ability to build working relationships.
7. Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
8. Demonstrated ability to undertake large, long-term projects, develop alternative methods to complete them, and implement solutions.
9. Ability to use independent judgment and discretion when making majority of decisions.
10. Ability to handle confidential and sensitive information with the appropriate discretion and ethics.