Nigeria and Ghana Cluster Data Protection Office (DPO) at Citi

Responsibilities:

• Participating in the design, development, delivery and maintenance of best-in-class Compliance, programs, policies and practices for ICRM.
• Supporting and leading aspects of the global privacy program by developing and driving implementation of best practices, procedures, tools, checklists, monitoring, while creating metrics and reporting results.
• Providing recommendations for operationalising solutions across the Privacy program including metrics and reporting.
• Implementing operationalised solutions which will replace manual processes with automation.
• Analyzing comparative data and preparing regional and global reports related to compliance risk assessments, and monitoring of compliance related issues.
• Reviewing materials to ensure compliance with various regulatory and legal requirements. Identifying and addressing potential risks.
• Investigating and assisting in responses to compliance risk issues. Investigating regulatory inquiries, preparing required documentation, making recommendations to senior management on how to proceed, and preparing responses for the regulatory inquiries.
• Monitoring adherence to Citi’s Compliance Risk Policies and relevant procedures.
• Preparing, editing and maintaining Compliance program related materials.
• Interacting and working with other areas within Citi, as necessary.
• Providing advisory support on privacy and banking confidentiality laws to products and global functions.
• Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas.
• Additional duties as assigned.
• Has the ability to operate with a limited level of direct supervision.
• Can exercise independence of judgement and autonomy.
• Acts as SME to senior stakeholders and /or other team members.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• Knowledge of Compliance laws, rules, regulations, risks and typologies
• Excellent written and verbal communication skills
• Must be a self-starter, flexible, innovative and adaptive
• Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization
• Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization
• Excellent project management and organizational skills and capability to handle multiple projects at one time
• Proficient in MS Office applications (Excel, Word, PowerPoint)
• Candidates must also have a minimum of 15 years postgraduation experience, out of which at least 10 must have been in the banking industry and at least 2 as Assistant General Manager.
• Evidence of experience in at least three (3) major areas of banking operations.
• Experience in compliance, legal or other control-related function preferably in a financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof.
• Knowledge of the local privacy laws and regulations in the presence and hub managed countries.
• Experience in advising on and implementing practical solutions for privacy/compliance issues.
• Ability to raise awareness on data protection and privacy requirements within the organization.
• Ability to promote a data protection and privacy compliant culture within the organization.
• Understanding of data security and information technology.
• Written and spoken English language skills (professional proficiency).

Education:

• Bachelor’s degree; experience in compliance, legal or other control-related function in the financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof; experience in area of focus; Advanced degree preferred

Other requirements:

• IAPP CIPP, CIPM, CIPT or other Data Protection Officer certification (existing or pending) is an advantage.
• CISSP and CIPM and other Information Security-related certifications are a plus.

Additional duties as assigned, including:

• Acting as the Nigeria and Ghana Data Protection Officer with responsibility for advising and monitoring data protection requirements, and escalating matters as appropriate to the EMEA Chief Privacy Officer, the Nigeria and Ghana Compliance Heads and relevant governance forums.
• Facilitating compliance with and advising on local data protection, privacy and banking confidentiality laws to Citi branches and subsidiaries across Nigeria and Ghana.
• Assisting with the design and delivery of the global privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting and sharing leading practices with other DPOs and business stakeholders.
• Acting as a point of contact between Citi Legal Entities in Nigeria and Ghana and the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy including local regulatory reporting as required by country privacy laws and joining forums organized by external bodies, where appropriate.
• Reviewing and advising on Nigeria and Ghana data protection impact assessments, where necessary; developing an understanding of local data processing activities, data flows and associated privacy risks.
• Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances.
• Ensuring that regular assessment and audits are conducted to ensure compliance with local data protection laws.
• Monitoring and advising on the completion and maintenance of records of processing activities.
• Advising on privacy-related considerations and requirements during the investigation of security incidents including advising on notifications to local privacy regulators.
• Advising on the implementation of new data protection, privacy and banking confidentiality laws in Citi Legal Entities across Nigeria and Ghana, working closely with first line In-Business Privacy Officers, local Product and Function teams and Country Legal and Compliance.
• There may be a requirement to provide similar coverage for other countries in the region

Preferred:

• Knowledge and experience in understanding personal data processing activities and managing areas relevant to privacy and data protection (e.g. information security; data governance; third party risk management).
• Written and spoken French language skills.