The purpose of this role is to establish, implement, and enforce a robust group-wide Data Protection Compliance framework and systems to ensure the Group and its subsidiaries are compliant with the Data Protection Law and regulations.

The job holder will be a member of the Data Protection Technical Committee (DPTC) responsible for implementing Information Risk and Data Protection programs with the Group.

• Advise the Group and employees on data processing requirements provided under this Act or any other written law;
• Ensure on behalf of the Group, that the Data Protection Act is complied with;
• Facilitate capacity building of staff involved in data processing operations;
• Provide advice on data protection impact assessment;
• Co-operate with the Data Commissioner and any other authority on matters relating to data protection;
• Defining a Group Data Protection compliance program;
• Champion Data Protection compliance;
• Develop data protection implementation plan and strategies;
• Interpreting data in relation to data protection laws;
• Analyzing and classifying data on behalf of the Group;
• Identifying patterns and trends in data sets;
• Regularly Conduct Data Protection Impact Assessment;
• Implementing an effective compliance training program on data protection;
• Identify, analyze, and interpret trends or patterns in complex data sets;
• Coordinate reporting of data breaches to data protection commissioner;
• Respond to all data protection queries on behalf of the Group;
• Issue and respond to any notice on data breach;
• Work with the Data Protection Committee to align data protection policies with the relevant laws;
• Work with management to prioritize business and information security needs;
• Identify and define new process improvement opportunities on data protection;
• Develop, monitor, and update detailed data protection policies and procedures;
• Report on compliance gaps noted and ensure that the needed improvements are recommended;
• Work with legal team to ensure full compliance with all data protection laws;
• Promote a culture of data protection across all departments of the organization.

• Bachelor’s Degree in Computer science, information technology or law from a reputable institution;
• Knowledge of Data Protection Act & General Data Protection Regulations (GDPR) is an added advantage;
• Professional certifications in (e.g. CISA, CISM) or CISSP or similar certification;
• Professional certification in privacy such as CIPP;
• Minimum of 3 years experience in an IT security, risk management, compliance or audit-related role, preferably within the insurance or banking industry at a senior level.

Qualified candidates are requested to forward their applications together with their CVs and copies of documents to the Group HR Manager on hr_recruitment@madison.co.ke not later than 31^st March 2022.