The Co-operative Bank of Kenya Limited is incorporated in Kenya under the Company Act and is also licensed to do the business of banking under the Banking Act. The Bank was initially registered under the Co-operative Societies Act at the point of founding in 1965. This status was retained up to and until June 27th 2008 when the Banks Special General Meeting resolved to incorporate under the Companies Act with a view to complying with the requirements for listing on the Nairobi Securities Exchange (NSE). The Bank went public and was listed on December 22nd 2008. Shares previously held by the 3,805 Co-operative Societies and unions were ring-fenced under CoopHoldings Co-operative Society Limited which became the strategic investor in the Bank with a 64.56% stake. The Bank runs three subsidiary companies, namely: Kingdom Securities Limited: This is a stockbroking firm with the bank holding a controlling 60% stake. Co-opTrust Investment Services Limited: This is the fund management subsidiary wholly-owned by the bank. Co-op Consultancy & Insurance Agency Limited (CCIA): This is the corporate finance, financial advisory and capacity-building subsidiary wholly-owned by the bank. Our Vision To be the dominant bank in Kenya and the region, riding on the unique Co-operative Model providing innovative financial solutions for distinctive customer experience. Our Mission To offer a wide range of innovative financial solutions leveraging on our heavy investment in multi-channels, national and regional presence and with a focus on excellent customer experience by a highly motivated and talented team. Our Values We are Trustworthy We are Innovative and Agile We Value our Customers/People We Share and Collaborate We have Passion for Excellence We are Bold and courageous. The Role The successful jobholder will be expected to: Ensure that staff, customers, vendors, or any other individuals’ data is collected only where there is a lawful basis for processing. Maintain and update data protection policies and procedures. Oversee the development and implementation of the Data Protection Impact Assessments in line with data privacy laws. Oversee the management of data retention policies to demonstrate data protection compliance. Evaluate the existing data protection framework, identify areas of non or partial compliance, and rectify any issues. Develop and implement solutions to ensure privacy policies are correctly implemented. The solutions should comply with legal requirements of data use and meet business data needs. Collaborate with data product development teams creating new uses of data that employ privacy features. Analyze design for new data streams with a goal of developing technical solutions and systems to help mitigate privacy vulnerabilities and prevent potential future privacy risks. Responsible for assisting with the management of data privacy, data protection, data usability, performance and the integrity of the privacy solution. Identify areas of improvement in local practices related to managing data privacy. Establish strategic partnerships with various business units to communicate data protection activities effectively. Foster partnerships with industry stakeholders to discover and share leading practices in data protection, incorporating them into the bank for continuous improvement while staying informed about industry and regulatory developments. Conduct data privacy audits on bank departments and units to ensure compliance with the Data Protection Act 2019 and follow up on closure of any identified gaps. Collaborate with the Office of the Data Protection Commissioner on data protection matters, including registration, response to notices, audits, reporting and containment of data breaches as outlined in the Data Protection Act (2019). Attend data protection conferences and webinars to stay updated on best practices. Qualifications, Skills & Attributes The successful jobholder will be required to possess the following qualifications: A degree in information management, law, data management, social sciences or other related fields is preferred (or equivalent on-the-job experience). Knowledge of Data Protection laws and regulations. Experience in managing data incidents and breaches. Good understanding of data processing operations, including information systems, data security and data protection needs of an institution. A minimum of 5 years of business experience, with 3 years being in data management, compliance, risk or information management environment. Familiarity with the major data protection and governance tools and products available in the market as well as expertise or at least familiarity with data privacy solutions. Well-developed, professional interpersonal skills; ability to interact effectively with people at all levels. Ability to handle confidential and sensitive information with appropriate discretion and ethics. Strong coordination and project management skills to handle complex projects. Data privacy certification will be an added advantage.