Madison Group Limited is a locally owned financial services holding company that specializes in insurance and wealth management services. The Group comprises Madison Life Assurance Kenya Limited, Madison General Insurance Kenya Limited, and Madison Investment Managers Limited. Madison Life Assurance Kenya was originally incorporated under Kenyan Laws in 1988 as Madison Insurance Company Limited (MICK) after a successful merger between Crusader Plc (1974) and Kenya Commercial Insurance Corporation.
Role Purpose
The purpose of this role is to establish, implement and enforce a robust group-wide Data Protection Compliance framework and systems to ensure the Group and its subsidiaries are compliant with the Data Protection Laws and regulations. The job holder will be a member of the Data Protection Technical Committee (DPTC) responsible for implementing Information Risk and Data Protection programs with the Group.
Duties and Responsibilities:
- Advise the Group and employees on data processing requirements provided under this Act or any other written law;
- Ensure, on behalf of the Group, that the Data Protection Act is complied with;
- Facilitate capacity building of staff involved in data processing operations;
- Provide advice on data protection impact assessment;
- Co-operate with the Data Commissioner and any other authority on matters relating to data protection;
- Define a Group Data Protection compliance program;
- Champion Data Protection compliance;
- Develop a data protection implementation plan and strategies;
- Interpret data in relation to data protection laws;
- Analyze and classify data on behalf of the Group;
- Identify patterns and trends in data sets;
- Regularly conduct Data Protection Impact Assessments;
- Implement an effective compliance training program on data protection;
- Identify, analyze, and interpret trends or patterns in complex data sets;
- Coordinate reporting of data breaches to the data protection commissioner;
- Respond to all data protection queries on behalf of the Group;
- Issue and respond to any notice on data breach;
- Work with the Data Protection Committee to align data protection policies with the relevant laws;
- Work with management to prioritize business and information security needs;
- Identify and define new process improvement opportunities on data protection;
- Develop, monitor, and update detailed data protection policies and procedures;
- Report on compliance gaps noted and ensure that the needed improvements are recommended;
- Work with the compliance and legal teams to ensure full compliance with all data protection laws;
- Promote a culture of data protection across all departments of the organization.
Qualifications and Experience:
- Bachelor’s Degree in Computer Science, Information Technology or Law from a reputable institution;
- Knowledge of the Data Protection Act and the General Data Protection Regulation (GDPR) is an added advantage;
- Professional certification such as CISA, CISM, CISSP or a similar certification;
- Professional certification in privacy such as CIPP;
- Minimum of 3 years’ experience in an IT security, risk management, compliance, audit, or data protection officer role, preferably within the financial services industry.