Data Privacy Officer

Summary

Join Kora, the leading payments marketplace in Africa, as their Data Privacy Officer. You will be a key player in upholding the highest data protection and privacy standards, overseeing the data privacy program, and ensuring compliance with relevant laws and regulations. This role involves developing and implementing a comprehensive data privacy program, conducting regular audits and assessments, and providing employee training. You will also serve as the primary contact for data protection authorities, managing inquiries and requests. Close collaboration with Information Security and Legal teams is essential to ensure data protection across the organization. The ideal candidate will be highly driven, autonomous, and possess strong analytical and problem-solving skills.

Requirements

• Strong understanding of data protection laws and regulations, such as GDPR, NDPA, and other privacy regulations/legislations in Africa
• Excellent communication and interpersonal skills
• Strong analytical and problem-solving skills
• Ability to exhibit high levels of professionalism, integrity, and ethical values at all times
• Ability to plan and prioritize own work under tight deadlines, as well as to work on own initiative and as a member of a team
• You are comfortable working in a fast-paced environment - because we are a startup, we need someone who can easily adapt and work quickly to achieve results
• You are an out-of-the-box thinker and think of new ways to disrupt the status quo

Responsibilities

• Develop and implement a comprehensive data privacy program in line with relevant laws and regulations, such as GDPR and NDPA
• Collaborate with internal teams to ensure that data protection and privacy requirements are integrated into designing and implementing new products and services
• Conduct regular audits and assessments to identify and mitigate privacy risks
• Conduct privacy impact assessments (PIAs) to assess and mitigate privacy risks associated with new projects or initiatives
• Develop and implement policies and procedures for data protection and privacy
• Provide guidance and training to employees on data protection best practices
• Serve as the point of contact for data protection authorities and manage data protection inquiries and requests
• Monitor changes in data protection laws and regulations and update policies and procedures accordingly
• Work closely with the Information Security team to ensure data protection requirements are met
• Collaborate with the Legal team to review and negotiate data protection and privacy terms in contracts with third-party vendors and partners
• Stay abreast of industry trends and best practices in data protection and privacy, and provide recommendations for continuous improvement of the data privacy program
• Prepare and present regular reports to the Management team on the status of the data privacy program and any identified risks or issues
• Investigate and respond to data breaches and incidents on time
• Conduct comprehensive due diligence on existing and prospective third-party partners/vendors, assessing their compliance standards, cybersecurity measures, and overall risk exposure
• Develop and maintain a standardized risk assessment framework, including criteria for evaluating potential risks associated with third-party relationships
• Monitor third-party vendors’ compliance with established policies, regulatory requirements, and risk management controls
• Implement strategies to mitigate risks, such as contractual obligations, service level agreements (SLAs), and periodic vendor reviews
• Continuously improve the organization’s third-party risk management framework, integrating best practices and adapting to evolving risks and regulations
• Ensure all third-party risk management processes align with relevant regulatory requirements (e.g., GDPR) and industry standards
• Prepare and present risk reports, including risk mitigation strategies and findings from ongoing monitoring activities to senior management and relevant stakeholders
• Other duties as assigned by the CISO

Preferred Qualifications

International Association of Privacy Professionals (IAPP) certification

Benefits

• Health insurance
• Sponsored and tailored training
• Paid parental leave
• Paid time-off
• Flexible work style
• Annual performance bonus
• Low-interest loans
• Employee assisted programs
• Day off on your birthday
• Employee resource groups that provide supportive communities within Kora
• Great company culture and the opportunity to work with a highly collaborative team building something great!