The Central Bank of Kenya is a public institution established under Article 231 of the Constitution of Kenya, 2010. The Bank is responsible for formulating monetary policy to achieve and maintain price stability and issuing currency. Pursuant to the CBK Act, the Central Bank promotes financial stability through regulation, supervision and licensing of fin...

Job Purpose

This role provides subject matter expertise in developing, implementing, and maintaining the Bank’s Privacy and Data Protection framework. It ensures compliance with applicable data protection laws and regulations, embeds privacy-by-design principles into business operations, and manages data-related risks across products, services, and third-party relationships.

Qualifications or requirements (e.g., education, skills)

• Bachelor’s degree in Law, IT, Business, or related field
• Membership of good standing in relevant professional association/ Institute.
• Professional certifications such as CIPP/E, CIPM, or equivalent privacy qualification is an added advantage.

Experience needed

• Minimum 5 years' experience in data protection, privacy compliance, or related risk roles in an organization of similar size and complexity.

• Maintain, and monitor the bank’s Privacy & Data Protection Framework, policies and standards.
• Maintain records of processing activities and lawful basis inventory across departments and the Bank as a whole.
• Provide advisory on privacy-by-design for new products, digital channels and new technology implementations.
• Conduct Data Privacy Impact Assessments as required.
• Coordinate data protection inquiries, breach notifications, and inspections.
• Co-lead incident response for data protection incidents.
• Coordinate post incident root cause analysis and lessons learned to enhance controls.
• Embed privacy in third party risk management.
• Design and deliver role-based privacy and data awareness training.
• Oversee retention and disposal aligned to legal, regulations, and business needs and work with IT and Records Management to operationalize deletion and archive controls.
• Plan and execute privacy control testing, thematic reviews, and supplier audits.
• Track remediation and report control maturity and risk posture.
• Prepare data protection compliance reports and dashboards.

• Bachelor’s degree in Law, IT, Business, or related field
• Membership of good standing in relevant professional association/ Institute.
• Professional certifications such as CIPP/E, CIPM, or equivalent privacy qualification is an added advantage.