Role purpose:
The Cyber Security Data Protection Officer (DPO) is responsible for overseeing the organization's data protection strategy and its implementation to ensure compliance with data protection regulations and Safaricom Ethiopia policies. This role involves working closely with various departments to monitor data processing activities, conduct audits, and foster a culture of data security. The role also ensures the organization's adherence to cyber security standards, regulatory requirements, and best practices, and establishes, maintains, and enhances cyber security governance, risk management, and control practices within the organization, thereby safeguarding sensitive information, protecting assets, and ensuring resilience against cyber threats. The candidate will work closely with various teams to assess risks and enhance security posture.
Key accountabilities and decision ownership:
· Develop and maintain a comprehensive data protection strategy in alignment with regulatory requirements and organizational goals.
· Develop and implement cyber security policies, standards, and procedures based on industry best practices and regulatory requirements.
· Ensure the organization complies with relevant data protection laws and standards, such as GDPR, CCPA, etc.
· Lead the implementation and maintenance of data protection policies and procedures.
· Conduct risk assessments and audits to identify and mitigate data protection risks.
· Monitor data processing activities and ensure data protection impact assessments are conducted where necessary.
· Develop and deliver training programs to ensure staff awareness and compliance with data protection regulations.
· Provide expert advice on data protection matters to stakeholders across the organization.
· Conduct risk assessments and gap analysis to identify security gaps and develop mitigation strategies.
· Collaborate with internal stakeholders to ensure alignment of security controls with business objectives and regulatory compliance.
· Monitor compliance with cyber security policies and standards through regular audits and assessments.
· Provide guidance and recommendations on security controls, technologies, and best practices to mitigate risks.
· Act as a subject matter expert on cyber security data protection matters, providing guidance and support to stakeholders across the organization.
· Stay updated on emerging threats, vulnerabilities, and regulatory changes to proactively address security risks.
Core competencies, knowledge and experience:
Business Competencies:
· Strong knowledge of data protection laws and practices, including GDPR and other relevant regulations.
· Excellent analytical and problem-solving skills.
· Strong communication and interpersonal skills, with the ability to explain complex data protection concepts to non-specialists.
· Experience in conducting data protection impact assessments and managing data protection audits.
· Ability to work independently and manage multiple projects simultaneously.
· Risk Analysis and Management
· Awareness of relevant laws, regulations, industry standards, and national data protection rules.
· Excellent analytical and problem-solving skills with a creative mindset.
Creativity and Innovation
· Risk Assessment Techniques
· Data Protection Awareness Training
· Continuously adapting strategies and tools to keep pace with changing regulatory requirements and industry standards.
· Regulatory Compliance check
· Measure the effectiveness of data protection and compliance initiatives.
Business Know-how
· Business Continuity
· Risk Management
· Telecommunications
· Industry and Regulatory Landscape
· Financial Implications of Cyber Risks
· Vendor and Supply Chain Management
· Data Protection Regulations
Working with Change
· Meticulous attention to detail with a flexible mindset.
· Open mind, readily adapting to new methodologies and emerging best practices.
· Keep abreast of changes in international and national data protection laws and regulations.
Project and Programme Management
· Risk Management
· Quality Management
· Stakeholder Management
· Time Management
· Continuous Improvement
Functional Competencies:
· Ability to conduct comprehensive risk assessments to identify, analyze, and prioritize cybersecurity risks within the organization.
· Deep understanding of national and international data protection laws and regulations.
· Ability to interpret and apply these regulations to the organization's policies and procedures.
· Skills in identifying, assessing, and mitigating data protection risks.
· Understanding of data privacy laws and regulations, as well as best practices for protecting sensitive information.
· Experience in conducting risk assessments and developing risk management strategies.
· Expertise in developing and implementing data protection.
· Ability to establish data handling and processing policies to ensure data integrity and confidentiality.
· Competence in creating and maintaining data protection policies, procedures, and guidelines.
· Skills in communicating these policies to stakeholders across the organization.
· Skills in designing and delivering training programs to educate employees on data protection issues.
· Ability to promote a culture of cyber security within the organization.
· Experience in managing cybersecurity audits and assessments to evaluate compliance with internal policies and external regulations.
· Knowledge of vendor risk management practices, including assessing the cybersecurity posture of third-party vendors, conducting due diligence, and managing associated risks throughout the vendor lifecycle.
· Knowledge of security governance frameworks and methodologies for establishing and maintaining effective cybersecurity governance structures within the organization.
· Commitment to staying updated on emerging cybersecurity threats, technologies, and industry trends.
· Familiarity with data protection technologies, such as encryption, anonymization, and pseudonymization.
· Understanding of cybersecurity principles and practices to protect data assets.
· Ability to conduct audits to ensure compliance with data protection regulations.
· Skills in preparing for and responding to regulatory audits and inquiries.
Must have technical / professional qualifications:
· Degree in Information Technology or Computer Science or a related field.
· Deep knowledge of cybersecurity with at least 5 years of experience, including 3 years focused on GRC.
· In-depth knowledge of the General Data Protection Regulation (GDPR).
· In-depth knowledge of cyber security principles, standards, and best practices, including NIST Cybersecurity Framework, ISO 27001, etc.
· Experience with data protection technologies.
· Ability to conduct risk assessments related to data protection and cyber security.
· Ability to develop and implement risk mitigation strategies.
· Excellent analytical and problem-solving skills, with the ability to evaluate complex systems and processes.
· Effective communication skills, with the ability to convey technical information to non-technical stakeholders.
How To Apply
If you feel that you are up to the challenge and possess the necessary qualifications and experience, kindly proceed to update your candidate profile on the career portal and then click on the Apply button. Remember to attach your resume.
The closing date for receiving applications is Sunday, November 03, 2024.