Data Privacy Officer at Koraplay

Kora is a payment infrastructure for Africa. We offer plug-and-play payment solutions for businesses to launch a tailored payment experience for their customers. At the front and center of what we do every day, we are creating a future void of digital financial barriers across Africa. We are committed to delivering secure, reliable, and easy-to-use digital financial solutions to customers with a guarantee that they are improving their lives.

We are recruiting to fill the position below:

Job Title: Data Privacy Officer

Location: Lagos
Job type: Full-time
Reporting Structure: This role reports to the Chief Information Security Officer, CISO

About The Role

• As the Data Privacy Officer at Kora, you will play a critical role in ensuring that Kora maintains the highest data protection and privacy standards.
• You will be responsible for overseeing our data privacy program, ensuring compliance with relevant laws and regulations, and implementing best practices for data protection.
• Additionally, you will develop and implement a comprehensive data privacy program, conduct regular audits and assessments, and provide guidance and training to employees. 
• The Data Privacy Officer will also serve as the primary point of contact for data protection authorities and will be responsible for managing data protection inquiries and requests.
• They will work closely with the Information Security and Legal teams to ensure that data protection requirements are met across the organization. They will monitor changes in data protection laws and regulations and will update policies and procedures accordingly. In the event of a data breach or incident, the Data Privacy Officer will investigate and respond promptly to mitigate any potential harm.

Responsibilities
Here are a couple of things you'll be doing:

• Develop and implement a comprehensive data privacy program in line with relevant laws and regulations, such as GDPR and NDPA.
• Collaborate with internal teams to ensure that data protection and privacy requirements are integrated into designing and implementing new products and services.
• Conduct regular audits and assessments to identify and mitigate privacy risks.
• Conduct privacy impact assessments (PIAs) to assess and mitigate privacy risks associated with new projects or initiatives.
• Develop and implement policies and procedures for data protection and privacy.
• Provide guidance and training to employees on data protection best practices.
• Serve as the point of contact for data protection authorities and manage data protection inquiries and requests.
• Monitor changes in data protection laws and regulations and update policies and procedures accordingly.
• Work closely with the Information Security team to ensure data protection requirements are met.
• Collaborate with the Legal team to review and negotiate data protection and privacy terms in contracts with third-party vendors and partners.
• Stay abreast of industry trends and best practices in data protection and privacy, and provide recommendations for continuous improvement of the data privacy program.
• Prepare and present regular reports to the Management team on the status of the data privacy program and any identified risks or issues.
• Investigate and respond to data breaches and incidents on time.
• Conduct comprehensive due diligence on existing and prospective third-party partners/vendors, assessing their compliance standards, cybersecurity measures, and overall risk exposure.
• Develop and maintain a standardized risk assessment framework, including criteria for evaluating potential risks associated with third-party relationships
• Monitor third-party vendors’ compliance with established policies, regulatory requirements, and risk management controls.
• Implement strategies to mitigate risks, such as contractual obligations, service level agreements (SLAs), and periodic vendor reviews
• Continuously improve the organization’s third-party risk management framework, integrating best practices and adapting to evolving risks and regulations.
• Ensure all third-party risk management processes align with relevant regulatory requirements (e.g., GDPR) and industry standards
• Prepare and present risk reports, including risk mitigation strategies and findings from ongoing monitoring activities to senior management and relevant stakeholders.
• Other duties as assigned by the CISO.

Requirements
Here’s what we are looking for:

• International Association of Privacy Professionals (IAPP) certification is preferred.
• Strong understanding of data protection laws and regulations, such as GDPR, NDPA, and other privacy regulations/legislations in Africa.
• Excellent communication and interpersonal skills.
• You are exceptionally driven and autonomous.
• Strong analytical and problem-solving skills.
• Ability to exhibit high levels of professionalism, integrity, and ethical values at all times.
• Ability to plan and prioritize own work under tight deadlines, as well as to work on own initiative and as a member of a team.
• You are comfortable working in a fast-paced environment - because we are a startup, we need someone who can easily adapt and work quickly to achieve results.
• Finally, you are an out-of-the-box thinker and think of new ways to disrupt the status quo.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online