Current Vacancy: Data Privacy Lead

Role Purpose:

Reporting to the EHOD – Compliance, the position holder will proactively engage regulators and other stakeholders to embed tailored, timely data privacy capabilities across Safaricom Ethiopia. Independently review and offer advice on data governance, processing activities, and/or data breaches.

Monitor compliance with applicable national and international laws and regulations pertaining to data protection and privacy, and work with teams to close gaps identified. Proactively support all efforts towards regulator engagement, registration, breach notification, and reporting. Provide appropriate policies and guidelines to establish and maintain data protection compliance. Contribute towards establishing a strong culture of data protection across stakeholders through appropriate training and awareness.

Key Responsibilities:

• Creating tailored data privacy and protection training campaigns and awareness sessions.
• Obtaining overall data/information process map/flow in products, assets, processes, services, and critical auxiliary systems.
• Ensuring the development and implementation of high-risk guiding frameworks, i.e., Policy, Procedure, and Processes to manage data subject information (Customer, Employee, Candidates, and Suppliers).
• Executing customized implementation of Global Data Protection Regulation (GDPR) through Risk Control Matrix (RCM).
• Creating Compliance Risks Management Plan (CRMP) to capture regulatory requirements.
• Consulting, assisting, and aligning with business unit needs regarding data processing activities.
• Applying a proactive mechanism to tackle high and medium privacy risks through effective Data Protection Impact Assessments (DPAI), Legitimate Impact Assessments (LIA), Human Impact Assessments (HIA), and Transfer Impact Assessments (TIA).
• Enhancing the first line business operation by developing and enforcing Data Subject Requests (DSRs).
• Periodically reporting the overall program implementation to the Executive Committee.
• Creating an enabling environment to work closely with cybersecurity and technology standards, i.e., ISO27001 Framework.
• Embedding data protection clauses in Master Procurement Agreements (MPA) with vendors to manage legal and regulatory risks.
• Enforcing Data Processing Agreements (DPAs) to control outsourcing risks when exporting data processing activities to third parties.
• Conducting third-party risk assessments.

Core Competencies, Knowledge, and Experience:

• Job Knowledge:
  • Above average knowledge of all aspects of general compliance.
  • Knowledge of GDPR and local data protection legislation.
  • Knowledge of information management.
  • Knowledge of Generally Accepted Compliance Practice and principles of good governance.
  • Compliance management.
  • Good knowledge of Data Governance, Data Flow Management, and Data Security.

Job Related Skills:

• Integrity
• Analytics
• Critical thinker
• Communication
• Decisive
• Good interpersonal skills
• Assertive

Job Attributes:

• Presenting and Communicating Information
• Writing and Reporting
• Relating and Networking
• Deciding and Initiating Action
• Applying Expertise and Technology
• Learning and Researching
• Planning and Organizing

Qualifications:

• Bachelor’s degree in Law, Information Management, Business, or IT Security from a recognized university.
• 5 - 7 years of experience in data protection, information management, data governance, or information security management.

Desired:

• Master’s degree in information security, Law, or other related fields will be advantageous.
• Certificate in Compliance Management (advantageous).

Skills Required:

• Computer / Software / It / Data