Data Privacy Officer

Kora is the marketplace for everything payments. We offer a robust payment API for payment collections, disbursements and conversions for businesses anywhere in Africa. 

Our vision, which is at the core of what we do every day, is to create a world void of digital financial barriers. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer with a guarantee that it is improving their lives. To achieve this mission, we need people like you. 

We strongly believe in our ability to find Water in the Desert and pick the Sands in the Ocean.

We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background.

About The Role

As the Data Privacy Officer at Kora, you will play a critical role in ensuring that Kora maintains the highest data protection and privacy standards.

You will be responsible for overseeing our data privacy program, ensuring compliance with relevant laws and regulations, and implementing best practices for data protection. Additionally, you will develop and implement a comprehensive data privacy program, conduct regular audits and assessments, and provide guidance and training to employees. 

The Data Privacy Officer will also serve as the primary point of contact for data protection authorities and will be responsible for managing data protection inquiries and requests.

They will work closely with the Information Security and Legal teams to ensure that data protection requirements are met across the organization. They will monitor changes in data protection laws and regulations and will update policies and procedures accordingly. In the event of a data breach or incident, the Data Privacy Officer will investigate and respond promptly to mitigate any potential harm.

Requirements

Here are a couple of things you'll be doing:

• Develop and implement a comprehensive data privacy program in line with relevant laws and regulations, such as GDPR and NDPA.
• Collaborate with internal teams to ensure that data protection and privacy requirements are integrated into designing and implementing new products and services.
• Conduct regular audits and assessments to identify and mitigate privacy risks.
• Conduct privacy impact assessments (PIAs) to assess and mitigate privacy risks associated with new projects or initiatives.
• Develop and implement policies and procedures for data protection and privacy.
• Provide guidance and training to employees on data protection best practices.
• Serve as the point of contact for data protection authorities and manage data protection inquiries and requests.
• Monitor changes in data protection laws and regulations and update policies and procedures accordingly.
• Work closely with the Information Security team to ensure data protection requirements are met.
• Collaborate with the Legal team to review and negotiate data protection and privacy terms in contracts with third-party vendors and partners.
• Stay abreast of industry trends and best practices in data protection and privacy, and provide recommendations for continuous improvement of the data privacy program.
• Prepare and present regular reports to the Management team on the status of the data privacy program and any identified risks or issues.
• Investigate and respond to data breaches and incidents on time.
• Conduct comprehensive due diligence on existing and prospective third-party partners/vendors, assessing their compliance standards, cybersecurity measures, and overall risk exposure.
• Develop and maintain a standardized risk assessment framework, including criteria for evaluating potential risks associated with third-party relationships
• Monitor third-party vendors’ compliance with established policies, regulatory requirements, and risk management controls.
• Implement strategies to mitigate risks, such as contractual obligations, service level agreements (SLAs), and periodic vendor reviews
• Continuously improve the organization’s third-party risk management framework, integrating best practices and adapting to evolving risks and regulations.
• Ensure all third-party risk management processes align with relevant regulatory requirements (e.g., GDPR) and industry standards
• Prepare and present risk reports, including risk mitigation strategies and findings from ongoing monitoring activities to senior management and relevant stakeholders.
• Other duties as assigned by the CISO.

Here’s what we are looking for:

• International Association of Privacy Professionals (IAPP) certification is preferred.
• Strong understanding of data protection laws and regulations, such as GDPR, NDPA, and other privacy regulations/legislations in Africa.
• Excellent communication and interpersonal skills.
• You are exceptionally driven and autonomous.
• Strong analytical and problem-solving skills.
• Ability to exhibit high levels of professionalism, integrity, and ethical values at all times.
• Ability to plan and prioritize own work under tight deadlines, as well as to work on own initiative and as a member of a team.
• You are comfortable working in a fast-paced environment - because we are a startup, we need someone who can easily adapt and work quickly to achieve results.
• Finally, you are an out-of-the-box thinker and think of new ways to disrupt the status quo.

Reporting Structure: This role reports to the Chief Information Security Officer, CISO

Interview process 

Below is the interview process you can expect for this role. It may look like a lot of steps, but rest assured that we move quickly and the steps are designed to help you get the information needed to determine if we’re the right fit for you… Interviewing is a two-way street, after all! 

We expect the interview process to take a maximum of 3 weeks and an average of 2.5 hours in total. Please note that the interview is virtual.

👋Introduction Stage - we have initial conversations to get acquainted with you and overall experience.

[15m] Recruiter Screen - Abayomi Ishmael 

Feedback from the Recruiter (Abayomi Ishmael)

🧑‍💻 [60m] Team Interview Stage (Information Security Team) - We proceed to explore your professional background in greater detail and facilitate introductions to team members, including those from various cross-functional areas.

[60m] Cultural Fit Interview  (Our Core Values)- At this stage, you'll engage in a conversation with Kora's COO, the Head of People and Culture, and the head of the team you’re being considered for. The aim is to understand you better and assess the alignment of your beliefs and values with Kora's distinctive culture. We'd like to emphasize that there are no right or wrong answers expected. However, we encourage you to maintain a positive attitude during this session.

Please note that you are welcome to ask questions and inquire during this process. We assure you of complete transparency throughout the interview process.

Working hours

Given that we are an all-remote company and hire almost anywhere in the world, we don’t have a location requirement for this role. However, your working hours must coincide with 9:00 am - 5:00 pm WAT for at least 40 hours/week.

Equal Opportunity Employer

Kora is an equal-opportunity employer dedicated to building an inclusive and diverse workforce. All employment decisions are based on qualifications, experience, and business needs. We strongly encourage applications from underrepresented communities and diverse ethnic groups to apply.

Please feel free to inform us if you need any accommodations to facilitate your participation in the recruitment process. Any details you share will be used solely to ensure we can support and accommodate your needs appropriately

If you require more information on our HR Data Privacy, please visit here.

Benefits

• Health insurance
• Sponsored and tailored training
• Paid parental leave
• Paid time-off
• Flexible work style
• Annual performance bonus
• Low-interest loans
• Employee assisted programs
• Day off on your birthday 🎂 🎁 🎉
• Employee resource groups that provide supportive communities within Kora
• Great company culture and the opportunity to work with a highly collaborative team building something great!

Note: We recognize imposter syndrome is real - any candidate who does not perfectly fit every characteristic of this role is still strongly encouraged to apply.