Data Privacy Officer
Job details
Kora is the marketplace for everything payments. We offer a robust payment API for payment collections, disbursements and conversions for businesses anywhere in Africa. Our vision, which is at the core of what we do every day, is to create a world void of digital financial barriers. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer with a guarantee that it is improving their lives. To achieve this mission, we need people like you. We strongly believe in our ability to find Water in the Desert and pick the Sands in the Ocean. We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background. About The Role As the Data Privacy Officer at Kora, you will play a critical role in ensuring that Kora maintains the highest data protection and privacy standards. You will be responsible for overseeing our data privacy program, ensuring compliance with relevant laws and regulations, and implementing best practices for data protection. Additionally, you will develop and implement a comprehensive data privacy program, conduct regular audits and assessments, and provide guidance and training to employees. The Data Privacy Officer will also serve as the primary point of contact for data protection authorities and will be responsible for managing data protection inquiries and requests. They will work closely with the Information Security and Legal teams to ensure that data protection requirements are met across the organization. They will monitor changes in data protection laws and regulations and will update policies and procedures accordingly. In the event of a data breach or incident, the Data Privacy Officer will investigate and respond promptly to mitigate any potential harm. Requirements
Here are a couple of things you'll be doing:
- Develop and implement a comprehensive data privacy program in line with relevant laws and regulations, such as GDPR and NDPA.
- Collaborate with internal teams to ensure that data protection and privacy requirements are integrated into designing and implementing new products and services.
- Conduct regular audits and assessments to identify and mitigate privacy risks.
- Conduct privacy impact assessments (PIAs) to assess and mitigate privacy risks associated with new projects or initiatives.
- Develop and implement policies and procedures for data protection and privacy.
- Provide guidance and training to employees on data protection best practices.
- Serve as the point of contact for data protection authorities and manage data protection inquiries and requests.
- Monitor changes in data protection laws and regulations and update policies and procedures accordingly.
- Work closely with the Information Security team to ensure data protection requirements are met.
- Collaborate with the Legal team to review and negotiate data protection and privacy terms in contracts with third-party vendors and partners.
- Stay abreast of industry trends and best practices in data protection and privacy, and provide recommendations for continuous improvement of the data privacy program.
- Prepare and present regular reports to the Management team on the status of the data privacy program and any identified risks or issues.
- Investigate and respond to data breaches and incidents on time.
- Conduct comprehensive due diligence on existing and prospective third-party partners/vendors, assessing their compliance standards, cybersecurity measures, and overall risk exposure.
- Develop and maintain a standardized risk assessment framework, including criteria for evaluating potential risks associated with third-party relationships
- Monitor third-party vendors’ compliance with established policies, regulatory requirements, and risk management controls.
- Implement strategies to mitigate risks, such as contractual obligations, service level agreements (SLAs), and periodic vendor reviews
- Continuously improve the organization’s third-party risk management framework, integrating best practices and adapting to evolving risks and regulations.
- Ensure all third-party risk management processes align with relevant regulatory requirements (e.g., GDPR) and industry standards
- Prepare and present risk reports, including risk mitigation strategies and findings from ongoing monitoring activities to senior management and relevant stakeholders.
- Other duties as assigned by the CISO.
Here’s what we are looking for:
- International Association of Privacy Professionals (IAPP) certification is preferred.
- Strong understanding of data protection laws and regulations, such as GDPR, NDPA, and other privacy regulations/legislations in Africa.
- Excellent communication and interpersonal skills.
- You are exceptionally driven and autonomous.
- Strong analytical and problem-solving skills.
- Ability to exhibit high levels of professionalism, integrity, and ethical values at all times.
- Ability to plan and prioritize own work under tight deadlines, as well as to work on own initiative and as a member of a team.
- You are comfortable working in a fast-paced environment - because we are a startup, we need someone who can easily adapt and work quickly to achieve results.
- Finally, you are an out-of-the-box thinker and think of new ways to disrupt the status quo.
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.