With 75 years of experience, our focus is on helping the most vulnerable children overcome poverty and experience fullness of life. We help children of all backgrounds, even in the most dangerous places, inspired by our Christian faith.
Come join our 33,000+ staff working in nearly 100 countries and share the joy of transforming vulnerable children’s life stories!
Key Responsibilities:
Data Protection and Compliance Management
- Ensure full compliance with the Data Protection Act 2019 and GDPR standards.
- Conduct Data Protection Impact Assessments (DPIAs) for new or modified data processing activities.
- Maintain an updated record of processing activities, privacy notices, and consent mechanisms.
- Coordinate compliance with Payment Card Industry Data Security Standards (PCI DSS).
- Support the organization in managing and responding to data subject rights requests within statutory timelines.
- Oversee implementation of lawful data retention, archiving, and secure disposal policies.
- Ensure that international data transfers comply with legal adequacy requirements and secure transfer mechanisms.
- Embed privacy-by-design principles into projects, products, and system developments.

Cyber-Security Governance, Risk, and Compliance Management
- Monitors the legal and regulatory environment for developments.
- Manages the implementation of the cybersecurity programs aimed at identification, management and remediation of threats to improve the cybersecurity posture.
- Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications.
- A robust, updated cybersecurity framework that is aligned with a Zero Trust paradigm, NIST CSF, CIS Critical Security Controls, Cloud Security Alliance Cloud Controls Matrix, and organizational standards.
- Proactively assess system vulnerabilities and incidents and establish mitigation procedures to minimize impact to business operations.
- Document and test security incident response plans and protocols.
- Plan and oversee periodic penetration testing, ethical hacking, and red/blue team simulations to evaluate incident preparedness.
- Monitor global threat intelligence feeds and proactively adjust defensive postures in response to emerging threats.

Incident Response Management
- Lead the development and execution of incident response plans.
- Investigate and document security breaches and recommend corrective actions.
- Collaborate with legal, compliance, and ICT teams for resolution and regulatory reporting.
- Maintain a data breach register and ensure timely notification to authorities and data subjects as required.

Staff Training and Awareness
- Develop and roll out organization-wide training programs on cybersecurity and data privacy.
- Conduct regular workshops and simulated phishing assessments.
- Raise awareness on best practices in data handling, incident reporting, and digital hygiene.
- Support internal departments and third parties in aligning data processing with compliance requirements.

Policy Development and Audit
- Draft and maintain ICT security policies, standards, procedures, guidelines, and playbooks.
- Lead internal and external audits for cybersecurity and data protection compliance.
- Provide inputs for organizational policy improvements and governance structures.
- Establish and track data protection performance indicators, and continuously improve internal processes based on audit findings and legal updates.

Stakeholder Engagement and Reporting
- Act as the liaison with the Office of the Data Protection Commissioner and other relevant bodies.
- Provide quarterly risk and compliance reports to senior leadership.
- Contribute to cross-functional security and compliance committees.
- Support internal departments and third parties in aligning data processing with compliance requirements.

KNOWLEDGE/QUALIFICATIONS FOR THE ROLE
Required Professional experience
- Minimum 4 years' experience in cyber security and data protection privacy, advocacy and implementation (INGO/IASC/PIM humanitarian data experience will be an added advantage)
- Expertise in data protection and compliance laws, rules, regulations, risks, specifically privacy and data protection laws, rules and regulations in East Africa
- Awareness of regulatory requirements including local, international and industry standards
- Knowledge and experience in data processing and managing areas relevant to privacy and data protection (information security; data governance; third party risk management; data encryption/decryption)
- Experience with digital security awareness topics and best practices, particularly cybersecurity
- Experience with remote facilitation and training
- Experience within a legal, audit and/or risk function department
- Strong project management skills
- Ability to work well under pressure and manage sensitive and confidential information
- Excellent verbal and written communication skills, with strong attention to detail
- Great interpersonal skills and ability to work well both independently and as part of a team
- Excellent analytic and computer skills

Required Education & Certification
Bachelor’s Degree in any of the following fields: Computer Science, Information Communication Technology, Informatics, Law, Statistics or their equivalent from a recognized and accredited institution.
Preferred Professional certifications:
- Any Cyber-Security certifications (CompTIA or any other)
- Any data privacy certification (CISSP/CISM or any other)

Preferred Knowledge and Qualifications
- Ability to engage at a strategic level with Office of Data Protection Commissioner officials.
- Strong budgetary and financial management skills.
- The person must be results oriented, able to handle public relations, and a team player.
- Good interpersonal, organizational and management skills.
- Ability to maintain performance expectations in diverse cultural contexts, and physical hardship conditions.
- Ability to solve complex problems and to exercise independent judgment.

World Vision Kenya is part of the Inter-Agency Scheme for the Disclosure of Safeguarding-related Misconduct in Recruitment Process within the Humanitarian and Development Sector and all candidates will thus be screened as appropriate for any safeguarding related misconduct.
World Vision Kenya does not, and will never, solicit money for any part of its recruitment processes including short-listing, interviews, background, and/or medical check-ups.
World Vision Kenya will not be responsible for such fraudulent correspondence or any loss of money or theft which may result from anyone engaging in any fraudulent recruitment activity.
Applicant Types Accepted:
Local Applicants Only