Summary:

The ideal candidate should be a qualified lawyer with a minimum of 6 years legal experience. A strong background in data protection and privacy is desired to provide the necessary legal and technical support required to establish and maintain the university’s Data governance framework and ensure the personal data of staff, students, customers, service providers or other individuals is safeguarded. Preference shall be given to those who are already undertaking a similar role in a different organization.

This position will report to the Director-Legal Services, and the primary emphasis will be on data protection and privacy.

Job purpose

The selected candidate will have the responsibility of establishing and maintaining the University’s Data governance framework and ensuring the safeguarding of personal data for staff, customers, service providers or any other individuals.

KEY RESPONSIBILITIES/TASKS/DUTIES:

LEADERSHIP AND STAKEHOLDER MANAGEMENT

• To seek, develop and maintain relationships with the Office of the Data Protection Commissioner, relevant regulators and other key stakeholders.
• To assist and guide staff & Management in responding to enquiries or requests from regulators (ODPC), data subjects and other stakeholders as appropriate.
• To organize and participate in training and awareness programs for staff and other stakeholders on campus on relevant Data Protection & Privacy requirements and obligations.
• To promote a culture of Data Protection & Privacy by design and by default in the university.

OVERSIGHT COMPLIANCE WITH ALL DATA PROTECTION & PRIVACY AND RELATED REQUIREMENTS

• Act as the public facing function representing the interests of Data subjects as well as supervise and advice the university on the response to such requests.
• To develop and maintain a mapping of data processing points in all the university’s operating /functional areas.
• To ensure Data Protection and Privacy policy availability by publishing on the intranet for employees and independent contractors to access and providing it to all contracted third parties (processors) who process personal information on the university’s behalf or in terms of a contractual agreements with the university.
• To manage third party data protection risks.
• To monitor and ensure compliance with the Data protection laws and policies that the university is subject to.
• To research and keep abreast of any changes to relevant laws and regulations and prepare regular updates to Management, the University Council, University Senate and the Board of Trustees.

REPORTING

• To prepare regular update reports on the data protection compliance program to the Director- Legal Services and the Management Board and/or those of relevant stakeholders.
• Support the Director – Legal Services in preparation of update reports on the Data Protection Privacy compliance program.
• Supporting data incident response and data breach notification procedures.
• Providing updates on matters related to compliance with statutory and regulatory requirements.
• To facilitate the provision of ad-hoc reports and or information to the regulators as and when required.

KEY RELATIONSHIPS

Key internal stakeholders

• University Council Executive Committee & Audit & Risk Committee;
• Management Board;
• Legal;
• Chief Manager, Risk ;
• ICT, HR, Finance, Admissions & University Registrar;
• Heads of Department.

Knowledge: Skills and Experience Required for The Role

• Minimum 6 Years Experience within Legal function with specific focus on Data Protection & Privacy.
• Sound Working Knowledge of The Data Protection Act,2019 and Other Relevant and Applicable laws, regulations.
• Minimum of Bachelor’s Degree in law.
• Experience in developing Policies and compliance.
• Experience in reviewing contracts with third parties.
• Good understanding of data processing operations, including the information systems data protection needs of an institution.
• Experience in managing data incidents and breaches.
• Professional Data Protection and/or Privacy certification is a pre- requisite.

Competencies required for this role

• Ability to work unsupervised, exercise leadership, and influence change.
• Excellent writing and presentation skills.
• Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
• Demonstrated ability to undertake large, long term projects, develop alternative methods to complete them.
• Detail-Oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
• Ability to handle confidential and sensitive information with the appropriate discretion and ethics.
• Leadership & Executive Disposition - Ability to lead a team and engage at Management and Board level.
• Ability to prepare and facilitate training as a subject matter expert (SME).
• Planning and organizational skills.
• Learning and researching.

Salary Scale

The consolidated pay for this position ranges from Kshs. 200,000/= to Kshs. 250,000/= with other prevailing University benefits.

The close of business 12th March 2025.