United States International University-Africa (USIU-Africa) is a prestigious higher learning institution based in Nairobi, Kenya. As the most diverse university in East and Central Africa, USIU-Africa hosts approximately 7,000 students from over 60 nations and maintains a strong network of over 25,000 alumni worldwide. It is the only university in Sub-Saharan Africa accredited by both the Commission for University Education (CUE) of Kenya and the WASC Senior Colleges and Universities Commission (WSCUC) of the United States.
To maintain our commitment to providing high-quality, affordable education and world-class service delivery, we seek to recruit a highly qualified individual for the following position:
Position: Data Protection Manager
Job Summary
USIU-Africa is seeking an experienced and highly motivated Data Protection Manager to establish and maintain the university’s data governance framework. The ideal candidate should be a qualified lawyer with a minimum of six years of legal experience, preferably with expertise in data protection and privacy. The successful applicant will ensure the safeguarding of personal data belonging to staff, students, customers, service providers, and other individuals associated with the university. Preference will be given to candidates currently performing similar roles in other organizations.
The Data Protection Manager will report directly to the Director of Legal Services, focusing primarily on data protection and privacy compliance.
Job Purpose
The selected candidate will be responsible for ensuring the university’s compliance with data protection laws, maintaining best practices in data governance, and managing risks associated with data privacy. The role will involve leadership, compliance oversight, and stakeholder engagement to ensure all personal data within the institution is handled securely and ethically.
Key Responsibilities
A) Leadership and Stakeholder Management
- Develop and maintain strong relationships with the Office of the Data Protection Commissioner, relevant regulatory bodies, and other key stakeholders.
- Guide and assist staff and management in responding to inquiries or requests from regulators (ODPC), data subjects, and other stakeholders.
- Organize and facilitate training programs and awareness campaigns for university staff and other stakeholders regarding data protection and privacy obligations.
- Foster a culture of data protection and privacy by design and by default across the university.
B) Oversight Compliance with Data Protection and Privacy Regulations
- Serve as the public-facing representative for data protection concerns, advocating for data subjects and ensuring the university properly addresses their requests.
- Conduct regular assessments and maintain a comprehensive mapping of data processing activities across all functional areas of the university.
- Ensure the accessibility of the university’s Data Protection and Privacy policy by publishing it on the intranet and sharing it with all third-party service providers who process personal data on behalf of the university.
- Identify, assess, and manage third-party data protection risks.
- Monitor and enforce compliance with all relevant data protection laws and policies.
- Conduct legal research and stay updated on changes in relevant laws and regulations, providing regular updates to management, the University Council, University Senate, and the Board of Trustees.
C) Reporting and Incident Management
- Prepare regular compliance reports on data protection and privacy programs for the Director of Legal Services, the Management Board, and other relevant stakeholders.
- Support the Director of Legal Services in drafting reports regarding the institution’s compliance with data protection laws.
- Assist in managing data incidents and breaches, including responding to data security threats and breach notification procedures.
- Provide necessary updates on compliance matters concerning statutory and regulatory requirements.
- Facilitate the provision of ad-hoc reports and respond to regulatory information requests as needed.
Key Relationships
Internal Stakeholders
- University Council Executive Committee & Audit & Risk Committee
- Management Board
- Legal Department
- Chief Manager, Risk
- ICT, HR, Finance, Admissions & University Registrar
- Heads of Department
Knowledge, Skills, and Experience Required for the Role
- Minimum of six years of experience in a legal function, specifically focusing on data protection and privacy.
- Strong working knowledge of the Data Protection Act, 2019, and other applicable laws and regulations.
- Minimum of a Bachelor’s Degree in Law.
- Experience in policy development and compliance.
- Proficiency in reviewing contracts with third-party service providers.
- Strong understanding of data processing operations and the data protection needs of an educational institution.
- Experience in managing data incidents and breaches.
- Professional certification in Data Protection and/or Privacy is required.
Competencies Required for This Role
- Ability to work independently, demonstrate leadership, and drive organizational change.
- Excellent written and verbal communication skills.
- Strong project and change management skills, with the ability to prioritize and meet multiple deadlines.
- Ability to manage long-term projects and develop strategic alternatives for achieving compliance objectives.
- Detail-oriented approach to ensuring compliance with data privacy and protection regulations.
- High ethical standards with the ability to handle confidential information discreetly.
- Leadership and executive-level engagement skills, with the ability to work effectively with management and board members.
- Strong facilitation skills for training and stakeholder engagement.
- Excellent planning and organizational abilities.
- Analytical mindset with a proactive approach to learning and researching emerging data protection trends.
Salary Scale
The salary for this position is consolidated and ranges between Kshs. 200,000 and Kshs. 250,000, along with other prevailing university benefits.
Application Process
If you have the requisite qualifications and experience and are passionate about working in a dynamic, international, and multicultural institution, we encourage you to apply. Please indicate in the subject line: ‘Data Protection Manager’ when submitting your application.
Interested applicants must submit the following documents by 5:00 PM on Wednesday, March 12, 2025:
- Cover letter
- Updated CV
- Certified copies of academic certificates and transcripts
- Contact details of three referees (including telephone numbers and email addresses)
Send your application to:
Director, Human Resource
United States International University – Africa
P. O. Box 14634-00800, Nairobi, Kenya
Email: [email protected]
Disclaimer: Only shortlisted candidates will be contacted.
USIU-Africa is an equal opportunity employer.
