Job summary:
The ideal candidate should be a qualified lawyer with a minimum of 3-5 years’ legal experience. A strong background in data protection and privacy is desired to provide the necessary legal and technical support required to establish and maintain the university’s Data governance framework and ensure the personal data of staff, students, customers, service providers or other individuals is safeguarded.
This position will report to the Director-Legal Services, and the primary emphasis will be on data protection and privacy.
Key Responsibilities/Tasks/Duties:
Specific tasks and job duties of this position include:
Leadership and Stakeholder Management
- To seek, develop and maintain relationships with the Office of the Data Protection Commissioner, relevant regulators and other key stakeholders.
- To assist and guide staff & Management in responding to enquiries or requests from regulators (ODPC), data subjects and other stakeholders as appropriate.
- To organize and participate in the training and awareness programs for staff on the relevant Data Protection & Privacy requirements and obligations.
- To promote a culture of Data Protection & Privacy by design and by default in the university.
Oversight compliance with all data protection & privacy and related requirements
- Act as the public facing function representing the interests of Data subjects as well as supervise and advice the university on the response to such request.
- To develop and maintain a mapping of data processing points in all the university’s operating /functional areas.
- To ensure Data Protection and Privacy policy availability by publishing on the intranet for employees and independent contractors to access and providing it to all contracted third parties (processors) who process personal information on the university’s behalf or in terms of a contractual agreements with the university.
- To manage third party data protection risks.
- To monitor and ensure compliance with the Data protection laws and policies that the university is subject to.
- To research and keep abreast of any changes to relevant laws and regulations and prepare regular updates to Management, the University Council, University Senate and the Board of Trustees.
Reporting(20%)
- To prepare regular update reports on the data protection compliance program to the Director- Legal Services and the Management Board and/or those of relevant stakeholders.
- Support the Director – Legal Services in preparation of update reports on the Data Protection Privacy compliance program.
- Supporting data incident response and data breach notification procedures.
- Providing updates on matters related to compliance with statutory and regulatory requirements.
- To facilitate the provision of ad-hoc reports and or information to the regulators as and when required.
- Teach at undergraduate level in the specific areas of specialization as listed above.
- Support and mentor students in their career endeavors.
- Participate in curriculum development activities to ensure that the programs are up-to-date and marketable.
- Participate in program assessment and reviews.
- Consult with students during scheduled office hours.
KEY RELATIONSHIPS
Key internal stakeholders
- University Council Executive Committee & Audit & Risk Committee;
- Management Board;
- Legal;
- Chief Manager, Risk ;
- ICT, HR, Finance, Admissions & University Registrar;
- Heads of Department.
Minimum Qualifications /Educational/Professional Experience:
- Minimum Three Years’ Experience within Legal function with specific focus on Data Protection & Privacy.
- Sound Working Knowledge of The Data Protection Act,2019 and Other Relevant and Applicable laws, regulations.
- Minimum of Bachelor’s Degree in law.
- Experience in developing Policies and compliance.
- Experience in reviewing contracts with third parties.
- Good understanding of data processing operations, including information systems data protection needs of an institution.
- Experience in managing data incidents and breaches.
- Professional Data Protection and/or Privacy certification is a pre- requisite.
Personal Attributes & Competencies:
- Ability to work unsupervised, exercise leadership, and influence change.
- Excellent writing and presentation skills.
- Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
- Demonstrated ability to undertake large, long term projects, develop alternative methods to complete them.
- Detail-Oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
- Ability to handle confidential and sensitive information with the appropriate discretion and ethics.
- Leadership & Executive Disposition - Ability to lead a team and engage at Management and Board level.
- Ability to prepare and facilitate training as a subject matter expert (SME).
- Planning and organizational skills.
- Learning and researching.
Dateline: Sunday, October 27, 2024
Education: Degree, Diploma
Employment Type: Full Time
Contact Information
Name: Hiring Kenya