Jubilee Insurance have an exciting career opportunity for a Data Protection Officer within Jubilee Life Insurance Limited. The position holder will report to the Manager-Regulatory Affairs and will be based at our Head Office in Nairobi.

Role Purpose

The purpose of this role is to establish, implement and enforce a robust Data Protection and compliance framework and systems (policies, processes, and tools) to ensure that Jubilee Insurance companies are compliant with the Data Protection Act and Regulations.

Main Responsibilities

Strategy

• Collaborate with senior management and other key stakeholders to implement the strategic direction for Data Protection Function with the Life Company. This involves analysing market trends, assessing industry dynamics, and identifying opportunities for improvement and growth.
• Keep abreast of regulatory developments and industry initiatives and advise management accordingly.
• Data Privacy Impact Assessments: Conduct privacy impact assessments for new products, processes, or systems that involve the collection and processing of personal data.
• Data Retention Policies: Develop and enforce data retention policies to ensure data is retained only for the necessary period and in accordance with legal requirements.

Operational

• Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
• Guiding the various Companies, their departments, and all support functions on implementation of Data Protection Act 2019 requirements and supporting them to ensure compliance with the Act.
• Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements.
• Conducting audits to ensure compliance, accountability and address potential issues proactively.
• Serving as the Data Protection Officer and point of contact between the Companies, the Data Commissioner and other Regulatory
• Authorities and co-operating with them during inspections by answering any complaints or queries raised with regards to Data Protection.
• Monitoring performance and adherence to the requirements of the regulation while providing advice on the data protection impact assessment.
• Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including
  the purposes of all processing activities, which must be made public on request.
• Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, measures the companies and support functions have put in place to protect personal and/or sensitive information and raise awareness on all of the above.
• Advising and recommending to the institutions/support functions and their employees on the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
• Handling queries or complaints internally or externally regarding data confidentiality and use.
• Providing status updates to the Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
• Data Protection Regulations: Developing together with the business and support functions, carrying out impact assessments, data protection policies, guidelines, and processes to ensure that compliance is consistent and in line with the Data Protection Act.
• Creating an Information Base: Guide and support on the creation of an information base on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization.
• Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance.
• Support the business in preparation of digital and other privacy statements as may be required for the institutions and supporting functions and ensure processes are put in place for the institutions/support functions to collect consents from the relevant data subjects and partners, have relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
• Preparing an annual work programme at the beginning of each year for the upcoming year for the sign-off by the institution.
• Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required.

Corporate Governance

• Compliance: Stay updated on industry regulations, compliance requirements, and best practices.
• Adherence to the laws and regulations of Kenya, the policies and regulations within the insurance industry and all internal company policies and procedures.
• Ensuring compliance with applicable statutory and regulatory requirements and establishing mitigation measures against emerging business risks.
• Implement effective risk management strategies, including appropriate internal controls, to mitigate operational, financial, and regulatory risks.

Leadership & Culture

• Fostering a corporate culture that promotes ethical practices and good corporate citizenship while maintaining a conducive work environment.
• Collaborate with cross-functional teams to develop initiatives that promote a positive and inclusive company culture.
• To provide the much-needed transformational leadership to meet and surpass the expectations of stakeholders.
• Set performance targets and objectives, monitor progress, and ensure timely completion of activities.
• Conduct regular team meetings and training sessions to enhance skills and knowledge.

Key Competencies

• In-depth knowledge of life insurance regulations and industry practices.
• Strong understanding of AML, KYC integrity, and Data Privacy requirements.
• Analytical and problem-solving skills to assess and address compliance risks.
• Excellent communication and interpersonal skills to educate and advise stakeholders.
• Ability to collaborate effectively with cross-functional teams.
• Detail-oriented with strong organizational and time management abilities.
• Proactive approach to staying updated on regulatory developments.
• Leadership and influencing skills to drive data protection compliance initiatives across the organization.

Qualifications

• Bachelor of Laws or any other related field
• Para Legal Diploma from the Kenya School of Law
• Privacy Professional Certifications provided by the International Association of Privacy Professionals (IAPP) such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/ Information Technology (CIPP/IT)

Relevant Experience

• Minimum 3-4 years’ experience within the data protection sector, risk management and compliance space.
• In-depth knowledge of life insurance industry.
• Proven track record of successfully implementing strategic initiatives and driving process improvements.

How to apply

If you are qualified and seeking an exciting new challenge, please apply via Recruitment@jubileekenya.com quoting the Job Reference Number and Position by 26th April 2024. Only shortlisted candidates will be contacted. Learn more here.