Compliance Risk Management Officer - West Africa Data Protection Officer (DPO) at Citi

Serves as a compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protects the franchise. In addition, engages with the ICRM product and function coverage teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework.

Responsibilities:

• Designing, developing, delivering and maintaining best-in-class Compliance, programs, policies and practices for ICRM.
• Translating ICRM strategy and goals across Citi’s clients, products and geographies in a succinct and clear manner; provide direction and guidance on the programs. Serves as a subject matter expert on Citi’s Compliance programs.
• Providing oversight and guidance over the assessment of complex issues, structuring potential solutions and driving effective resolution with other stakeholders.
• Identifying and assessing Citi’s key compliance risks. Ensuring compliance risks within Citi are effectively identified, measured, monitored, and controlled, consistent with the bank’s risk appetite statement and all policies and processes established within the risk governance framework.
• Monitoring adherence to Citi’s Compliance Risk Policies and measuring compliance risk through a robust control framework and ensuring that reviews are conducted consistently across each entity on a regular basis to confirm that controls identified are operating effectively.
• Performing complex analyses of comparative data, preparing and presenting regional and global reports related to compliance risk assessments, and monitoring of compliance related issues.
• Partnering, collaborating and working with other areas within Citi, as necessary.
• Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas.

Additional duties as assigned, including:

• Acting as the West Africa Data Protection Officer with lead responsibility for advising and monitoring data protection requirements, and escalating matters as appropriate to the EMEA Chief Privacy Officer, the West Africa Compliance Head and relevant governance forums.
• Facilitating compliance with and advising on local data protection, privacy and banking confidentiality laws to Citi branches and subsidiaries across West Africa.
• Assisting with the design and delivery of the global privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting and sharing leading practices with other DPOs and business stakeholders.
• Acting as a point of contact between Citi Legal Entities in West Africa and the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy including local regulatory reporting as required by country privacy laws and joining forums organized by external bodies, where appropriate.
• Reviewing and advising on West Africa data protection impact assessments, where necessary; developing an understanding of local data processing activities, data flows and associated privacy risks.
• Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances.
• Ensuring that regular assessment and audits are conducted to ensure compliance with local data protection laws.
• Monitoring and advising on the completion and maintenance of records of processing activities.
• Advising on privacy-related considerations and requirements during the investigation of security incidents including advising on notifications to local privacy regulators.
• Advising on the implementation of new data protection, privacy and banking confidentiality laws in Citi Legal Entities across West Africa, working closely with first line In-Business Privacy Officers, local Product and Function teams and Country Legal and Compliance.

Education level and relevant experience:

Required:

• A minimum of first degree or its equivalent in any discipline plus a relevant higher degree or professional qualification.
• Candidates must also have a minimum of 15 years postgraduation experience, out of which at least 10 must have been in the banking industry and at least 2 as Assistant General Manager.
• Evidence of experience in at least three (3) major areas of banking operations.
• Experience in compliance, legal or other control-related function preferably in a financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof.
• Knowledge of the local privacy laws and regulations in the West Africa presence and hub managed countries.
• Experience in advising on and implementing practical solutions for privacy/compliance issues.

Preferred:

• Advanced degree (e.g. JD, MBA) a plus

Knowledge and skills:

Required:

• Demonstrated knowledge of Compliance laws, rules, regulations, risks and typologies, specifically privacy and data protection laws, rules and regulations in West Africa.
• Excellent written, verbal and analytical skills.
• Must be a self-starter, flexible, innovative and adaptive.
• Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization.
• Ability to both work collaboratively and independently; ability to navigate a complex organization.
• Excellent project management and organizational skills and capability to handle multiple projects at one time.
• Proficient in MS Office applications (Excel, Word, PowerPoint).
• Ability to raise awareness on data protection and privacy requirements within the organization.
• Ability to promote a data protection and privacy compliant culture within the organization.
• Understanding of data security and information technology.
• Written and spoken English language skills (professional proficiency).

Preferred:

• Knowledge and experience in understanding personal data processing activities and managing areas relevant to privacy and data protection (e.g. information security; data governance; third party risk management).
• Written and spoken French language skills.

Other requirements:

• IAPP CIPP, CIPM, CIPT or other Data Protection Officer certification (existing or pending) is an advantage.
• CISSP and CIPM and other Information Security-related certifications are a plus.