Job Purpose

To lead the implementation of the Stanbic Kenya Management Data Privacy Framework and as it relates to the holistic approach to Information Risk Management. To ensure country compliance with applicable Privacy laws, regulations and industry standards. To lead the implementation of the Data Privacy Compliance Framework across all business units in the bank.

Key Responsibilities/Accountabilities

Risk, Regulatory, Prudential & Compliance

Drive and participate in oversight committees and forums relevant to specialised area of expertise, in order to monitor the implementation of the Risk Management Data Privacy Framework.

• Keep abreast of and analyse relevant legislative and regulatory developments in collaboration with key stakeholders such as Integrated Operational Risk, Compliance and Legal in order to inform the Risk Management Data Privacy Compliance Framework, to understand the implications for the organisation and to deliver expert advice in collaboration with key stakeholders such Integrated Operational Risk, Compliance, Group Legal and Local Data Privacy Officers.
• Lead and drive the digitisation, culture, data driven approach, monitoring and assurance activities and toolbox enablers to ensure the implementation and embeddedness of data privacy across the entire organisation
• Escalate all strategic and high-risk issues to the Chief Information Risk Officer to ensure these matters are dealt with timeously and as per the standards set out it in the Risk Management Compliance Framework.
• Provide view of regulatory Data Privacy landscape and provide fit for purpose Data Privacy Governance Documentation Universe for implementation by business areas.
• Recommend and advise on best privacy practices and controls for processes and systems for Client Segments and Client Solutions to effectively monitor and control adherence, conformance and compliance to all policies and standards as per the Governance Documentation Universe in order to ensure compliance with statutory and regulatory laws.
• Provide specialised advice to senior stakeholders across Client Segments, Client Solutions and Corporate Functions in collaboration with key stakeholders such as Integrated Operational Risk, Information Technology, Compliance and Legal on the required minimum standards, strategies, projects, plans, initiatives, reporting and other relevant activities to ensure compliance with all standards and legislative requirements.
• Develop and maintain a Data Privacy reporting mechanism that’s integrated into Information Risk reporting that will ensure efficient, high quality and consistent reporting is delivered as required to the relevant committees, forums and regulators.
• Leverage specialist knowledge to enable the enhancement, maintenance and implementation of the relevant part of the IR Governance Documentation Universe in order to significantly contribute to the assurance that business is undertaken in a compliant manner to avoid operational losses, fines, penalties or reputational damage.
• Implement, maintain and participate in effective governance structures in order to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
• Lead the implementation of the Risk Management Data Privacy Compliance Framework in collaboration with key stakeholders, pertaining to all products and services, across the bank to ensure that business is undertaken in a compliant manner to avoid operational losses, fines, penalties or reputational damage and enables the competitive advantage of the Bank.

Strategy

• Develop and maintain the Risk Management Data Privacy Compliance Framework – covering strategy, policy, process, procedures, standards, guidelines, training, objectives, metrics and governance – to ensure consistency of implementation and the alignment to the changing regulatory and legislative requirements across all relevant countries and jurisdictions and international best practices and standards. Where these are available from the Group, support with cascading the same.
• Generate strategies and alternative solutions to address changing regulatory requirements to inform the Risk Management Data Privacy Compliance Framework.
• Ensuring alignment to Information Risk strategy taking into consideration the management of Data Privacy Risk as a sub risk type of Information Risk.

Client

• Provide specialist advice and guidance to stakeholders and clients (Trusted Adviser) as it pertains to Data Privacy. Where necessary provide training to targeted business areas or internally. Engage in the appropriate forums and workshops to convey relevant matters to wider audiences when required. Design and dispense training and awareness initiatives pertaining to the Data Privacy Framework.

Data

• Contribute in recommending privacy requirements and controls to the governance & strategy of the Enterprise Data Office and Committee in adherence to the approved data standards.
• Provide guidance on the privacy controls on the collection, capturing and maintenance of data as it relates to personal information and will effectively guide critical business decisions as it pertains to Data Privacy.
• Deliver holistically on all the regulatory and internal reporting requirements so far as it relates to personal information.

Technology & Architecture

• Contribute in recommending privacy controls for the Technology Risk Management Plan in the context of the Data Privacy requirements. Contribute in recommending privacy controls to ensure privacy by design and privacy by default is considered in the design and implement phases of for the relevant technological enhancements.

Financial Management

• Identify opportunities to reduce costs.

People

• Build, develop and maintain relationships with the key internal and external stakeholders relevant to the Data Privacy area of specialisation.
• Leverage strong personal power across all stakeholders across all business units. Influencing stakeholders to adopt, embed and comply with the Data Privacy Framework is an essential outcome.
• Product
• Provide specialist advice, guidance and enhancement of controls to products, services, processes that relate to Data Privacy as the focus areas of the function. Ensure that Data Privacy Risk Management requirements are met.

Preferred Qualification and Experience

• First Degree in Information Technology; Legal; Computer Science or Bachelor of Commerce degree
• Certification CISSP; CISA; CRISC; CDPSE or any privacy-related or technology certification – at least one Mandatory
• Legal, Risk Management or Information Technology degree would be a minimum qualification requirement for this role as well as an appreciation of digital transformation and initiatives – Robotics; Innovation; Secure Development
• 4 – 6 years in risk management experience. The role requires a leader seasoned and expert in Legal and Risk Management with profound knowledge of the full dimensions of the field, but deep expertise in the relevant area of specialisation – Data Privacy. Regulatory environment savvy, a proven track record in influencing seasoned leaders and employees across multiple countries, Client Segments and Client Solutions to effectively implement Data Privacy Compliance Frameworks. Be able to quote the acts applicable to Data Privacy.

HOW TO APPLY

Submit your CV and Application on Company Website : Click Here

Closing Date : 20th May, 2021