ASSISTANT DATA PROTECTION OFFICER

About Us

CIC Insurance Group is a leading insurance and financial services organisation with more than five decades of experience helping individuals, families, and organizations achieve financial security.

We have grown into a dynamic Group offering life, general, micro insurance, asset management, and investment solutions, with operations in Kenya, Uganda, South Sudan, and Malawi, and are listed on the Nairobi Securities Exchange.

Our tagline, “We Keep Our Word,” reflects our unwavering commitment to integrity, transparency, and delivering on our promises to our clients, partners, and communities.

CIC Group is passionate about innovation, digital transformation, and inclusive insurance solutions that meet the evolving needs of cooperatives, SMEs, corporates, and individuals. By joining us, you will be part of a team that is shaping the future of financial protection across Africa.

About the Role

Reporting to the Data Protection Officer, the role holder will support in monitoring compliance with the Data Protection Act and all applicable data privacy regulations across CIC Insurance Group. The role provides essential operational and analytical support to ensure that the Group and its subsidiaries maintain robust data protection practices in line with regulatory requirements. The role holder assists in developing and maintaining the Group’s data protection framework, managing records of processing activities, supporting data protection impact assessments, coordinating training programmes, and acting as a point of contact for internal stakeholders on day-to-day data protection matters.

Key Responsibilities

• Support the Data Protection Officer in monitoring and implementing the Group’s Data Protection Framework, including assisting in updating policies, data collection templates, data mapping exercises, and the overall data protection implementation plan across all subsidiaries.
• Maintain and update the Group’s Records of Processing Activities (ROPA), ensuring all data processing activities across subsidiaries are accurately documented, classified by purpose and legal basis, and made available on request in accordance with the Data Protection Act.
• Assist in conducting Data Protection Impact Assessments (DPIAs) for new or changed processing activities, projects, and systems, documenting findings, risk ratings, and recommended mitigating controls for review and sign-off by the DPO.
• Coordinate and support the delivery of data protection training programs across CIC Group, maintaining training registers, updating training materials as regulatory requirements evolve, and tailoring sessions to specific processing functions or subsidiary requirements.
• Support the management of data subject rights requests, including Subject Access Requests, requests for erasure, rectification, or restriction of processing, ensuring responses are prepared within regulatory timeframes and referred to the DPO for approval where required.
• Assist in managing data security incidents and breaches, including initial assessment, documentation, impact assessment support, and coordination with the Information Security team to ensure timely escalation and regulatory notification in line with the Group’s incident management plan.
• Support the preparation of privacy statements for each processing operation and assist in ensuring these are incorporated into company forms, websites, correspondence, and other data collection touchpoints across all subsidiaries.
• Assist in compliance review exercises and audits, identifying gaps in data protection practices, documenting findings, and tracking remediation actions to closure in collaboration with relevant business units.
• Assist the DPO in preparing quarterly status reports on data protection compliance, highlighting emerging risks, incidents, or areas requiring immediate attention.
• Help coordinate with the Office of the Data Protection Commissioner and other supervisory authorities as directed by the DPO, including assisting in preparing responses to queries, complaints, or inspection requests.
• Monitor developments in data protection legislation, regulatory guidance, and best practice across the Group’s operating jurisdictions, preparing briefing notes and updates for the DPO and relevant stakeholders.

General Responsibilities;

• Participate in departmental planning and budgeting as required.
• Participate in relevant committees, working groups, and governance meetings as directed by the DPO.
• Liaise with internal audit, external auditors, and regulators on data protection matters as directed.
• Assist in planning and organizing internal awareness activities and campaigns related to data privacy and protection.

 Who We’re Looking For

Essential Knowledge/Skills and Experience Required:

• Bachelor’s degree in Law, Computer Science, Information Technology, Business Administration, or a related field.
• A data protection or privacy certification from a recognized body is preferred
• Additional qualifications in information security (CISA, CISM, or CISSP) are an added advantage
• At least 2–3 years’ relevant experience in a compliance, legal, audit, or data protection support role within the financial services industry, preferably insurance or banking.
• Demonstrated experience in maintaining compliance records, conducting assessments, or supporting regulatory reporting processes

Why Join Us?

Joining CIC Insurance Group as an Assistant Data Protection Officer offers a unique opportunity to build expertise in data privacy within a multi-country financial services environment. In this role, you will gain hands-on experience in implementing data protection frameworks, supporting compliance with evolving regulations such as the Data Protection Act and GDPR, and participating in critical processes like DPIAs, audits, and incident management. You will work closely with cross-functional teams, enhancing your analytical and advisory skills while contributing to safeguarding sensitive data. This position provides an excellent platform to grow into a data protection specialist within a highly regulated and innovation-driven organization.

If you have the aforementioned professional and academic qualifications and you are ready to execute the above mandate, strictly apply through: https://careers.cicinsurancegroup.com/ clearly indicating the position being applied for.

The application should reach us by close of business on 28^th April, 2026. Please note only short-listed candidates will be contacted. If you do not hear from us by 31^st May, 2026 consider your application unsuccessful.

CIC Group is an equal opportunity employer and does not solicit or require any form of payment for employment opportunities.

N/B: This job advert is open to both internal and external candidates.