Job Purpose 

To lead the implementation of the Stanbic Bank Kenya Information Risk policy as it relates to the holistic approach to Information Risk Management. To ensure country compliance with applicable Privacy laws, regulations, and industry standards. To provide oversight of the implementation of the Data Privacy Compliance Framework across all business units in the bank.

Key Deliverables 

Risk, Regulatory, Prudential & Compliance

• Information Risk Governance: Developing and implementing the information risk and data privacy policies, standards and practices to safeguard the Bank’s information and in response to changing regulations and evolving threats.
• Risk assessment: Identifying and assessing information risks including data privacy risks and take measures to mitigate them.
• Compliance: Ensuring that the Bank adheres to the Kenya Data Protection Acy of 2019 and other relevant data privacy regulations and good practices.
• Privacy impact assessments: Evaluating the impact of changes and processes on data privacy and providing recommendations including regulatory reporting as guided by the ODPC Regulations.
• Third parties: Assessing third party vendors’ data protection practices and ensuring they comply with the Bank’s standards.
• Act as the central contact point on matters data privacy and co-operate with the Data Commissioner and any other authority on matters relating to data protection.
• Facilitate capacity building of staff and other stakeholders involved in data processing operations within the organisation.
• Reporting: Providing regular reports to senior management on the organization’s data privacy posture.
• Data governance: Overseeing data classification, retention and disposal practices to maintain data integrity and compliance.
• Incident management: Developing and maintaining an incident response plan to address data breaches including reporting to relevant stakeholders.
• Legal liaison: Collaboration with the Bank’s legal department to ensure compliance with data privacy laws and regulations.
• Act as the central contact point on matters data privacy and co-operate with the Data Commissioner and any other authority on matters relating to data protection.
• Escalate all strategic and high-risk issues to the Chief Information Risk Officer to ensure these matters are dealt with timeously and as per the standards set out it in the Risk Management Compliance Framework.
• Monitoring and documentation and notification on data Breaches to both the regulator and the data subjects.
• Ensure that the Bank maintains an up to date inventory of all data and information assets within the organization as per the Bank’s information risk framework.
• Access control: Provide an oversight role and report on the effectiveness of the Bank’s compliance to access management related policies.
• Data mapping: Creating data flow diagrams and data maps to track the movement of information assets and identify potential points of data leakage.
• Lead and drive the digitisation, culture, data driven approach, monitoring and assurance activities and toolbox enablers to ensure the implementation and embeddedness of information risk management and data privacy across the entire organisation.
• Keep abreast of and analyse relevant legislative and regulatory developments in collaboration with key stakeholders such as Non-Financial Risk, Compliance and Legal & Governance in order to inform the Risk Management Data Privacy Compliance Framework, to understand the implications for the organisation and to deliver expert advice in collaboration with key stakeholders such Non-Financial Risk, Compliance, Group Legal and Local Data Privacy Officers.
• Track to closure all action plans arising from risk assessments, ops risk reviews, internal and external audits, and regulatory inspections to improve the IT and Cyber risks and control environment.

QUALIFICATIONS

Minimum Qualifications

Education Level

• Bachelor’s in Computer science, Information Systems or related discipline or a related discipline
• Relevant Masters Degree (added advantage)
• CISSP; CISA; CISM; CRISC; CDPSE or any privacy related or data privacy certification(s) – at least ONE Mandatory
• Risk Management qualification
• Information security risk certification.
• CCNA certification

Experience Required

Knowledge Required

• Practical knowledge of risk and control frameworks and application in financial services industry preferably in banking.
• Experienced risk manager. 7+ years of experience working as a senior risk management professional preferably in the Financial Services Sector.
• Project management skills to execute risk related projects effectively and the ability to resolve conflicts.
• Subject matter expert on information risk management, with knowledge of industry leading practices
• Ability to promote strong teamwork and leadership behaviors within the department/function and across the Bank.
• Effective communicator with excellent written and verbal presentation skills to a wide variety of senior managers across the Bank.

ADDITIONAL INFORMATION

Behavioral Competencies:

• Adopting Practical Approaches
• Articulating Information
• Challenging Ideas
• Checking Details
• Developing Strategies
• Documenting Facts
• Embracing Change
• Establishing Rapport
• Examining Information
• Exploring Possibilities
• Following Procedures
• Generating Ideas
• Managing Tasks
• Resolving Conflict
• Taking Action
• Team Working
• Upholding Standards

Technical Competencies:

• Analysing Insurable Risk
• Automation Acumen
• Automation Delivery
• Automation Enablement
• Automation
• Business Continuity and Disaster Recovery Planning
• Business Process Design
• Business Process Improvement
• Client Relationship Management
• Collaboration
• Compliance
• Continuous Improvement
• Creative Problem Solving
• Data Analytics & Visualization
• Data Architecture
• Data Compliance
• Evaluating Risk Management Effectiveness
• Information Management
• Information Security Management
• Knowledge Management
• Legal Compliance
• Legal Knowledge
• Legal Research
• Operations Risk Management
• Product and Services Knowledge
• Risk Awareness
• Risk Identification
• Risk Management
• Solution Design & Enablement
• Strategic Alignment & Execution