Data Privacy Officer At Equity Bank Kenya

Brac

Banking / Financial Services full time Nairobi Posted 1 day ago

KES 1,984 – KES 75,104

Equity Bank Limited (the “Bank”) is incorporated and registered under the Kenyan Companies Act Cap 486 and domiciled in Kenya. The address of the Bank’s registered office is 9th Floor, Equity Centre, P.O. Box 75104 - 00200 Nairobi. The Bank is licensed under the Kenya Banking Act (Chapter 488), and continues to offer retail banking, microfinance and related services. The Bank has subsidiaries in Kenya, Uganda, South Sudan, Rwanda and Tanzania. Its shares are listed on the Nairobi Securities Exchange and Uganda Securities Exchange.

Equity Bank was founded as Equity Building Society (EBS) in October 1984 and was originally a provider of mortgage financing for the majority of customers who fell into the low-income population. The society’s logo, a modest house with a brown roof, resonates with its target market and their determination to make small but steady gains toward a better life, seeking security and advancement of their dreams. The vast majority of Africans have historically been excluded from access to financial resources. Having been declared technically insolvent in 1993, Equity’s transformation into a rapidly growing microfinance institution and then a commercial bank is widely considered to be an inspirational success story. Currently, Equity Bank has more than 9 million customers, making it the largest bank in terms of customer base in Africa and having nearly half of bank accounts in Kenya.

The company’s vision is “to be the champion of the socio-economic prosperity of the people of Africa”. Equity Bank retains a passionate commitment to empowering its clients to transform their lives and livelihoods. Through a business model that is anchored in access, convenience and flexibility, the Bank has evolved to become an all-inclusive financial services provider with a growing pan-African footprint. Equity Bank’s business model and its visionary leadership have continued to earn local, regional and global accolades and recognition.
The model is also studied in some of the leading business schools in the world, as other developing countries in Africa and Asia seek to learn from Equity’s low-margin, high-volume model. Equity Bank in 2010 established the Equity Group Foundation. This innovative and creative vehicle has fully transformed the concept of philanthropy and corporate social responsibility. While Equity Group Foundation champions the socio-economic transformation of the people of Africa and seeks partnerships along six cluster thematic areas, Equity Bank provides the infrastructure of delivery, hence reducing the operational costs for the Foundation and increasing the rate of return on any social investment. The six social thematic areas of focus are: education and leadership development; financial literacy and access; entrepreneurship; agriculture; health; innovations and environment.

ROLE PURPOSE

The ideal candidate will be an expert in global data protection laws and will be responsible for ensuring the organization processes personal data in a compliant and ethical manner. A key challenge will be to create a framework that enables lawful data sharing across our various business licenses and jurisdictions to create a seamless customer onboarding experience ("One Customer View") while upholding the highest standards of data privacy and security.

KEY RESPONSIBILITIES

Strategy and Governance
Develop, implement, and maintain EBKL’s data protection strategy, policies, standards, and procedures.
Establish a Bank-wide data governance framework, creating a central authority for all data protection matters.
Serve as the primary point of contact for data protection authorities and other regulators on data.
Advise the Board and senior management on data protection and privacy matters, ensuring they are informed of their obligations, risks, and the strategic implications of regulatory changes.
Oversee the creation and maintenance of a comprehensive data inventory and data flow maps for all personal data processed by EBKL and its third-party ecosystem.

Compliance and Risk Management
Monitor compliance with all relevant data protection laws (e.g., GDPR, Kenya Data Protection Act, etc.) and internal policies.
Conduct and oversee Data Protection Impact Assessments (DPIAs) for new products, systems, and business processes, especially those involving data sharing across licenses (e.g., sharing bank KYC data with the insurance arm).
Develop and manage a comprehensive record of all data processing activities (ROPA).
Establish a framework for managing and responding to data subject requests (e.g., access, rectification, erasure) in a timely and compliant manner.
Act as the primary point of contact for all data protection authorities and regulators on data matters.
Ensure all necessary registrations and notifications are made to the relevant data protection authorities.
Oversee the management and review of data subject rights requests (e.g., access, rectification, erasure) to ensure they are handled efficiently and in compliance with the law.
Identify, assess, and mitigate data protection risks across EBKL and its third-party ecosystem.
Ensure that third-party contracts and data sharing agreements have adequate data protection clauses and that due diligence is performed on all partners handling personal data.

Data Sharing Enablement
Design and implement legal and technical mechanisms to facilitate lawful and secure data sharing between EBKL and its stakeholders including third parties, stakeholders and related entities.
Review the Intra-Group Data Sharing Agreements that clearly define the purpose, legal basis, and safeguards for sharing customer data to reduce onboarding friction.
Advise the business on data anonymization, pseudonymization, and other privacy-enhancing techniques to minimize risk while achieving business objectives.

Incident Management
Develop and manage EBKL’s data breach incident response plan.
Lead the investigation, mitigation, and reporting of any data breaches or privacy incidents in collaboration with IT security and legal teams.
Develop and implement a data breach response plan and lead the investigation and reporting of any personal data breaches.

Training and Awareness
Develop and roll out a mandatory data protection training program for all employees and contractors across the Bank.
Promote a culture of "privacy by design" and data protection awareness throughout the organization.
Provide expert advice and guidance to business units (Banking, Insurance, Mobile Payments, Foundation) on data protection best practices for their specific operations.
Work closely with IT and Information Security teams to ensure that appropriate technical and organizational measures are in place to protect personal data.
Establish metrics and reporting mechanisms to monitor the effectiveness of the data protection program and report on compliance to senior management and the Board.
Partner with Group and other stakeholders in the engagement with regulators on draft regulations, providing insightful input to shape a practical and effective data protection framework.

Qualifications

Academic Qualifications And Experience
Bachelor's degree in Law, Information Technology, or a related field. A Master's degree is a plus.
Professional certification in data protection and privacy (e.g., CIPP/E, CIPT, CIPM, FIP) is required.
Minimum of 8-10 years of experience in a senior data protection role, preferably within a multi-jurisdictional financial services or technology organization.
Expert knowledge of major global data protection regulations (especially GDPR and African data protection laws) and their practical application.
Demonstrated experience in developing and implementing enterprise-wide privacy frameworks.
Strong understanding of IT security controls and privacy-enhancing technologies.

Key Competencies & Skills
Expert Knowledge: In-depth knowledge of international data protection principles and regulations (e.g., GDPR) and specific knowledge of key African data protection laws. Demonstrated experience in developing and implementing enterprise-wide privacy frameworks.
Strategic Thinking: Ability to develop and execute a long-term vision for data protection that aligns with the business’s strategic objectives.
Leadership & Influence: Strong leadership skills with the ability to influence and build consensus among senior executives, business leaders, and external stakeholders.
Communication: Exceptional communication and interpersonal skills, with the ability to articulate complex legal and technical concepts to a non-expert audience.
Stakeholder Management: Proven ability to build and maintain strong relationships with internal stakeholders, regulators, and industry bodies.
Analytical & Problem-Solving Skills: Strong analytical skills to assess risks, interpret regulations, and develop pragmatic solutions.
Integrity & Professionalism: High level of integrity and professional ethics.