Data Privacy Officer

Summary

Join Kora, the marketplace for everything payments, as a Data Privacy Officer and play a critical role in ensuring data protection and privacy standards. As a key member of the team, you will develop and implement a comprehensive data privacy program, conduct regular audits and assessments, and provide guidance and training to employees.

Responsibilities

• Develop and implement a comprehensive data privacy program in line with relevant laws and regulations, such as GDPR and NDPA
• Collaborate with internal teams to ensure that data protection and privacy requirements are integrated into designing and implementing new products and services
• Conduct regular audits and assessments to identify and mitigate privacy risks
• Conduct privacy impact assessments (PIAs) to assess and mitigate privacy risks associated with new projects or initiatives
• Develop and implement policies and procedures for data protection and privacy
• Provide guidance and training to employees on data protection best practices
• Serve as the point of contact for data protection authorities and manage data protection inquiries and requests
• Monitor changes in data protection laws and regulations and update policies and procedures accordingly
• Work closely with the Information Security team to ensure data protection requirements are met
• Collaborate with the Legal team to review and negotiate data protection and privacy terms in contracts with third-party vendors and partners
• Stay abreast of industry trends and best practices in data protection and privacy, and provide recommendations for continuous improvement of the data privacy program
• Prepare and present regular reports to the Management team on the status of the data privacy program and any identified risks or issues
• Investigate and respond to data breaches and incidents on time
• Conduct comprehensive due diligence on existing and prospective third-party partners/vendors, assessing their compliance standards, cybersecurity measures, and overall risk exposure
• Develop and maintain a standardized risk assessment framework, including criteria for evaluating potential risks associated with third-party relationships
• Monitor third-party vendors’ compliance with established policies, regulatory requirements, and risk management controls
• Implement strategies to mitigate risks, such as contractual obligations, service level agreements (SLAs), and periodic vendor reviews
• Continuously improve the organization’s third-party risk management framework, integrating best practices and adapting to evolving risks and regulations
• Ensure all third-party risk management processes align with relevant regulatory requirements (e.g., GDPR) and industry standards
• Prepare and present risk reports, including risk mitigation strategies and findings from ongoing monitoring activities to senior management and relevant stakeholders
• Other duties as assigned by the CISO