• The ideal candidate will be an expert in global data protection laws and will be responsible for ensuring the organization processes personal data in a compliant and ethical manner. A key challenge will be to create a framework that enables lawful data sharing across our various business licenses and jurisdictions to create a seamless customer onboarding experience "One Customer View" while upholding the highest standards of data privacy and security.

Job Responsibilities/ Accountabilities/ Operational Efficiency:

• Strategy and Governance 
• Develop, implement, and maintain the Group’s data protection strategy, policies, standards, and procedures applicable across all 15 jurisdictions.
• Establish a group-wide data governance framework, creating a central authority for all data protection matters.
• Serve as the primary point of contact for data protection authorities and regulators in all operational jurisdictions.
• Compliance and Risk Management
• Monitor compliance with all relevant data protection laws e.g., GDPR, Kenya Data Protection Act, etc. and internal policies.
• Conduct and oversee Data Protection Impact Assessments DPIAs for new products, systems, and business processes, especially those involving data sharing across licenses e.g., sharing bank KYC data with the insurance arm.
• Develop and manage a comprehensive record of all data processing activities ROPA across the Group.
• Establish a framework for managing and responding to data subject requests e.g., access, rectification, erasure in a timely and compliant manner.
• Cross-Border Data Sharing Enablement
• Design and implement legal and technical mechanisms to facilitate lawful and secure data sharing between the banking, insurance, investment, and technology entities.
• Develop Intra-Group Data Sharing Agreements that clearly define the purpose, legal basis, and safeguards for sharing customer data to reduce onboarding friction.
• Advise the business on data anonymization, pseudonymization, and other privacy-enhancing techniques to minimize risk while achieving business objectives.
• Incident Management
• Develop and manage the Group's data breach incident response plan.
• Lead the investigation, mitigation, and reporting of any data breaches or privacy incidents in collaboration with IT security and legal teams.
• Training and Awareness
• Develop and roll out a mandatory data protection training program for all employees and contractors across the Group.
• Promote a culture of "privacy by design" and data protection awareness throughout the organization.

 Required Skills and Qualifications

• Bachelor's degree in Law, Information Technology, or a related field. A Master's degree is a plus.
• Professional certification in data protection and privacy e.g., CIPP/E, CIPT, CIPM, FIP is required.
• Minimum of 8-10 years of experience in a senior data protection role, preferably within a multi-jurisdictional financial services or technology organization.
• Expert knowledge of major global data protection regulations especially GDPR and African data protection laws and their practical application.
• Demonstrated experience in developing and implementing enterprise-wide privacy frameworks.
• Strong understanding of IT security controls and privacy-enhancing technologies