At Sidian Bank, we recognize the significant accountability and inherent risks that an entrepreneur takes to make his ideas and dreams a reality. We are seeking a Data Protection & Privacy Officer to operationalize and maintain the Bank’s data privacy and protection framework, ensuring compliance with the Kenya Data Protection Act and other applicable requirements. The role involves overseeing personal data inventory, conducting privacy impact assessments, and managing data subject rights responses.
Key Responsibilities
Data Protection Compliance
Support implementation and day-to-day operation of the Bank’s Data Protection & Privacy Framework in line with the Kenya Data Protection Act and ODPC guidance.
Assist the Data Protection Officer (DPO) in maintaining regulatory compliance.
Support the administration and updating of data protection policies, standards, procedures, and guidelines.
Data Inventory & Mapping
Maintain the Bank’s Register of Processing Activities (RoPA).
Coordinate periodic data mapping exercises across systems, vendors, and business units to ensure completeness and accuracy.
Maintain and monitor data retention schedules for compliant disposal of records.
Privacy Impact Assessments
Conduct and document Data Protection Impact Assessments (DPIAs) for new products, systems, outsourcing arrangements, and process changes.
Track implementation of privacy risk mitigation actions.
Data Subject Rights Management
Coordinate responses to data subject requests (access, correction, deletion, objection).
Ensure statutory timelines and documentation requirements are met.
Assist in preparing reports, presentations, and compliance dashboards.
Monitoring & Assurance
Monitor compliance with privacy policies, consent requirements, data retention schedules, and cross-border data transfer controls.
Support internal audits, regulatory reviews, and compliance assessments relating to data protection.
Support the performance of third-party risk assessments and coordinate the tracking/closure of identified data privacy risks.
Assess and identify data privacy risks for both existing and new projects (Privacy by Design and Privacy by Default).
Training & Awareness
Deliver data protection and privacy awareness training to staff.
Provide practical guidance to business units on handling personal data securely.
Conduct research on emerging privacy trends and regulatory updates.
Incident Management
Support investigation and documentation of data breaches and privacy incidents.
Assist with regulatory notifications and internal reporting where required.
Requirements
Academic: Bachelor’s degree in Law, Information Systems, Computer Science, Business, Risk Management, or a related discipline.
Professional: Certification or formal training in Data Protection & Privacy (e.g., DPO Certification, GDPR/Data Protection short courses). Membership with data protection bodies is an added advantage.
Experience: 2–4 years’ experience in data protection, compliance, IT risk, legal compliance, or information security, preferably within a regulated financial institution.
Specific Knowledge: Demonstrated exposure to Kenya Data Protection Act requirements, data mapping, and privacy impact assessments (DPIAs).
How to Apply
Interested and qualified candidates should apply online via the Sidian Bank careers portal at sidianbank.co.ke.
Interested and qualified candidates should visit the Sidian Bank application portal to submit their application: https://www.myjobmag.co.ke/apply-now/1162058. Ensure you complete the process on the official Sidian Bank website as directed.