Work closely with the Legal, Compliance, Risk, Audit, Operations, and Information Security units and other functions to develop and monitor policies and standards applicable to the business and in compliance with the DPPA.

Key Result Areas:
• Implementing measures and a privacy governance framework to manage data use in compliance with the DPPA including developing templates for data collection, assisting with data mapping, and vendor management reviews.
• Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Reviewing vendor contracts (including Model Clauses) and consents needed to implement projects in partnership with the bank’s Procurement and legal functions and ensuring compliance requirements with local regulators are achieved.
• Maintain the banks Data protection strategy and plan as guided by the manager Cyber Security
• Participating in the Data Privacy / Information Governance Committee and work group sessions.
• Managing and conducting ongoing reviews of the Bank’s privacy governance framework while aligning DPPA with industry regulations like FIA, Payments Act etc.
• Monitoring changes to local privacy laws and making recommendations to the Data Privacy / Information Governance Committee when appropriate.
• Setting standards and reviewing policies and procedures globally that meet the requirements under the DPPA and any localization requirements in countries of operation.
• Participating in Data Loss Prevention Strategy as may be guided by the Manager Cyber Security.
• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders while Coordinating and conducting data privacy audits with guidance of the DPPA.
• Ensure bank employee awareness of data privacy and security issues.
• Collaborating with the Information Security function to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests.
• Analyze current security requirements and make suggestions for improvements in line with the Acts and regulations while aligning them to Banks chosen Security frameworks
• Participate in access control, business continuity, incident response, and risk management needs in the organization
• Carry out Assessments on the bank compliance to the regulations and guidelines
• Participate in risk assessments of all business applications, ICT installations and ensure that information systems are adequately protected and are in line with information security policies and standards.

Minimum educational and technical competence requirements:
• Must possess a Bachelor’s degree in Computer science, information technology, business computing, or any technology related field.
• Any Security related certification will have an added advantage.
• Must have at least 2 years’ experience in ICT and/or any assurance function.
• Must be Up-To-Date on Relevant Regulations.
• Familiarity with computer security systems
• Working knowledge of information security principles and how they apply to the Institution.
• Highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues.
• Proper Understanding of Banking regulations including and not limited to the FIA and DPPA
• Must have Strong knowledge of security aspects such as authentication, access control, firewall technologies, disaster prevention and recovery, intrusion detection, encryption, and data integrity.
• Must demonstrate knowledge and Skills in programing with applications and database security methodologies.
• Good communications, teamwork, and conflict management skills.
• Good working knowledge of SLA’s and policies.
• Ability to work under pressure with minimum supervision.
• Good practical administrative experience with enterprise grade technologies.
• Good working knowledge of information security standards, frameworks and guidelines
• Flexibility
• Confidentiality
• High integrity