Data Privacy Specialist job at Absa Bank Limited
Website :
641 Days Ago
Linkedid Twitter Share on facebook

Vacancy title:
Data Privacy Specialist

[ Type: FULL TIME , Industry: Banking , Category: Data Science / Research ]

Jobs at:

Absa Bank Limited

Deadline of this Job:
22 February 2023  

Duty Station:
Within Kenya , Nairobi , East Africa

Summary
Date Posted: Tuesday, February 21, 2023 , Base Salary: Not Disclosed

Similar Jobs in Kenya
Learn more about Absa Bank Limited
Absa Bank Limited jobs in Kenya

JOB DETAILS:

Job Description
Data Privacy Specialist

Job Purpose
The job holder will be a member of Absa bank Kenya Information Risk Management & Data Privacy Team responsible for implementing the information risk and Data Privacy/Protection programs in Absa bank Kenya. The primary function of the role is to ensure information/Data is protected effectively and consistently with its criticality. Also ensuring that Audit, Regulatory and Governance requirements are realized in the Bank.

Main accountabilities
• Work with the Absa Kenya IRM team to build an implementation method for the IRM & Data Privacy policies
• Based on the Group design, the method will become the model for implementation across ARO, to ensure:
• Consistency of approach and interpretation where necessary
• Clear controls on exceptions where requested
• Businesses have clear communications channels for feedback and queries

Data Privacy Standards Implementation
• Consistent implementation of DP policy, data Standards and Procedures across the businesses.
• Maintain /Report Monthly Risk indicators
• Communications to emphasize the importance of Data Privacy
• Implement Absa operating framework for the management and control of Data Privacy in BAU
• Training and awareness, materials, from general awareness to subject matter experts.
• Publication of guidance on data privacy best practice.
• Data Privacy program Implementation
• Breach escalation.
• Implement and tracking of Data Privacy Training
• Provide Data Protection champions.
• Compilation and consolidation of Country DP risk profile
• Participating in new projects and products to check data privacy requirements
• Implementation of Logical Access Management Requirements
• Ensure PIAs are completed for new implementations, changes, projects and new products
• Review PIAs submitted by projects and product teams
• Review of submitted Data Privacy Related Dispensations, waivers and breaches
• Review and maintain a tracker on Data Privacy Related Dispensations, waivers and breaches
• Track country DP requirements implementation in respect of:
• Privacy notices roll out
• Personal Data lifecycle management (collection/creation, use/reuse, processing, storage/archiving & destruction)
• Personal data transfers & Further processing of personal data
• Direct marketing customer consent management
• Privacy related complaints.
• Data/Information security & safeguards.

Incident Management
• Implementation of completeness and validation controls in systems
• Implementation of required privacy controls within the system/processes/products in line with the PIAs prior to go-live
• Remediation of Data Quality issues/gaps affecting Data Privacy/Protection
• Implementation of approved Data Privacy Retention Schedule
• Execution of Data Subject processes

Records Management
• Monitor and report on Key Risk Indicators
• Guide the business in classification and categorization of records that contain personal Information
• Be a point of contact and give guidance to the business on Retention of Personal Information.
• Publication of guidance on privacy retention schedule

Data Leakage Protection
• Ensure the raised Data Leakage alerts that relates to Data Privacy are closed within SLA
• Give advice and guidance to other staff on how to secure and handle Personal Information

Controls & Risk Assessment
• Carry out Data Privacy reviews in sampled business units
• Facilitate the remediation and closure of all the issues picked regarding information
• Provide the information to create a threat profile.
• Clear controls on exceptions where requested
• Ensure the Businesses have clear communications channels for feedback and queries
• Publication of guidance on IRM best practice.

Issues and incident Management:
• Log and follow to closure the incidences reported within the business
• Report and escalate the incidences identified as per the DPIMS
• Maintain a data base of remediation issues identified and actions agreed, to ensure consistency of approach and common themes for reporting to ARO IRM team
• Identify remediation activity and agree action plans
• Consistency of approach and interpretation where necessary
• Ensure the implementation of and the monitoring of the Data Privacy Incident Management Standard within the Business
• Develop an implementation schedule for Business Units where required

Third Party Management
• Perform due diligence on all new 3rd Parties to ensure a duty of care is provided for data and information assets.
• Ensure risk is mitigated in accordance with policy and governance, and that regular reviews of risk are provided.
• Track Third party supplier obligations compliance on Data Privacy
• Review third party contracts for inclusion of DP requirements/schedules.
• Assess possibility of processing without transfer of personal data
• Ensure required exceptions to Binding Corporate Rules are considered and relevant BCR put in place
• Ensure embedment of Privacy notices

Policy, Audit & Regulatory translation
• Working with Information Risk Team, understand and enable group policy whilst ensuring local requirements are catered for.
• Monitor compliance of policy and standards and drive the closure of gaps.
• Communicate risk based policies and minimum standards and escalate approval of exceptions.
• Use risk management principles to safeguard Data Privacy, and the confidentiality, integrity and availability of information in accordance with the bank’s operating model and risk appetite.
• Be a custodian of Information Management in your locality

Project implementation in Kenya:
Work with line managers and local project teams to:
• Train them in the implementation methodology and their understanding of Data Privacy policies
• Adapt the methodology to fit the operating model of the local businesses
• Manage their queries - researched and answered promptly, and recorded on a data base
• Monitor their implementation v. plan, sample their deliverables, and challenge as appropriate
• Influence (but not run) new projects and provide steering to fix crucial Data Privacy Issues.
• Ensure that new projects follow the laid down process and Framework.
• Apply consistent Privacy risk indicators to all projects and identify those with high risk.

Collaborate with business units:
To ensure that:
• Each business adopts a consistent approach to policy implementation where necessary
• Their queries are managed - researched and answered promptly
• Each business submits a monthly progress report in an agreed format, and to an agreed standard of detail.

Training and Development
• Ensure that the mandatory Awareness Training program that promotes and embeds a risk and security awareness culture within the business is carried out in each business unit
• Develop training and awareness, materials, from general awareness to subject matter experts
• Ensure each business unit has appointed information Risk Management Champion
• Train the IRM champions on a yearly basis on Privacy Requirements.
• Ensure that New Joiners induction training includes Information Risk awareness.
• Monitoring of LMS training
• Conduct awareness as requested by units

Technical skills / Competencies
Education and Experience Required:
• A degree from a reputable learning institution.
• Professionally Certified (e.g. in CRISC, CISM, CISA) or CISSP or similar certification.
• Accredited in Information Management/Information Sciences of 5 years in Financial Services or related industry.
• 4 years experience, preferably in IT Security and Risk management related role.
• Experience fulfilling a consulting role.
• Proven relationship with executive management and communication skills.
• Extensive Microsoft office skills (Word, Excel, PowerPoint, etc.)
• Reasonable understanding of the principles, practices, and techniques related to Information Risk Management.
• Knowledge and understanding of the implications, to Absa, of the laws and regulations associated with Payment Card Industry, Data Security Services (PCI, DSS).
• Knowledge of wider aspects of risk control, operations and processes.
• Detailed understanding of the Risk assessment processes.
• Experience of a consultancy working style (i.e. used to working collaboratively across the business – essential for undertaking the assessment roles)

Competencies:
• Information Management
• Experience of developing IRM Standards - Basic
• Quality Focus - Competent
• Implementation Management - Competent
• Influencing – Competent
• Information Security - Expert
• Understanding of compliance requirements relating to records retention – Competent
• Experience of developing communication and training strategies – Competent
• Understanding of records management technologies – Competent
• Planning and organization – Competent
• Problem solving – Competent
• Detailed understanding of the principles, practices, and techniques related to Information Risk Management.
• Technical Security background and experience of working on application developments
• A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.
• Ability to influence senior management in relation to important Risk decisions.
• Proven leadership, relationship management and communication skills

Knowledge, Expertise and Experience
• Have core information risk management, confidence and a willingness to deliver.
• Good communication skills.
• Highly motivated and able to coordinate multiple activities across various disciplines.
• Experience of working in a financial organization would be beneficial.
• Awareness of operational risk disciplines, key risk indicators relevant to information risk and a business-focused approach to controls is also beneficial. However deep technical knowledge in any one discipline is not a requirement for this role.
• It is essential that the candidate has a resilient, flexible approach to work, as a pre-requisite for working effectively as part of Absa Information Management team.
• He or she must be prepared to turn their hand to support other requirements if needed, while ensuring that the core IRM responsibilities are maintained.
• A proactive and hands-on approach is essential to demonstrate that the value that this role and function can add to our organization.


Work Hours: 8


Experience in Months: 48

Level of Education:
Bachelor Degree

Job application procedure

Interested and qualified? Click here to apply


All Jobs

QUICK ALERT SUBSCRIPTION

Job Info
Job Category: Data, Monitoring, and Research jobs in Kenya
Job Type: Full-time
Deadline of this Job: 22 February 2023
Duty Station: Nairobi
Posted: 21-02-2023
No of Jobs: 1
Start Publishing: 21-02-2023
Stop Publishing (Put date of 2030): 21-02-2067
Apply Now
Notification Board

Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.