Citibank Nigeria Limited (CNL) was incorporated in Nigeria on May 2, 1984 and the oldest international bank in the country. It provides a wide range of financial products and services to corporate and commercial customers, financial institutions and public sector organizations. It offers deposit and loan products, global transaction services, cash management, sales and trading, corporate finance and investment banking products.
The company was formerly known as Nigeria International Bank Ltd and changed its name to Citibank Nigeria in 2008. Today it employs about 300 people and operates 12 branches in Lagos, Abuja, Port Harcourt, Warri, Kano, Bonny, Aba, Lanlate and Ososa. As at December 31, 2016, it had over NGN 600 billion in total assets. Citibank Nigeria is owned by Citibank Overseas Investment Corporation, a subsidiary of Citibank N.A. (USA).
We are recruiting to fill the position below:
Job Title: Nigeria and Ghana Cluster Data Protection Office (DPO)
Job Req ID: 23653706
Job Type: Full Time
Job Family Group: Compliance and Control
Job Family: Compliance Risk Management
About the role
- Serves as a senior compliance risk analyst for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm’s risk appetite and protect the franchise.
- In addition, engages with the ICRM product and function coverage teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework.
- Participating in the design, development, delivery and maintenance of best-in-class Compliance, programs, policies and practices for ICRM.
- Supporting and leading aspects of the global privacy program by developing and driving implementation of best practices, procedures, tools, checklists, monitoring, while creating metrics and reporting results.
- Providing recommendations for operationalising solutions across the Privacy program including metrics and reporting.
- Implementing operationalised solutions which will replace manual processes with automation.
- Analyzing comparative data and preparing regional and global reports related to compliance risk assessments, and monitoring of compliance related issues.
- Reviewing materials to ensure compliance with various regulatory and legal requirements. Identifying and addressing potential risks.
- Investigating and assisting in responses to compliance risk issues. Investigating regulatory inquiries, preparing required documentation, making recommendations to senior management on how to proceed, and preparing responses for the regulatory inquiries.
- Monitoring adherence to Citi’s Compliance Risk Policies and relevant procedures.
- Preparing, editing and maintaining Compliance program related materials.
- Interacting and working with other areas within Citi, as necessary.
- Providing advisory support on privacy and banking confidentiality laws to products and global functions.
- Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas.
- Additional duties as assigned.
- Has the ability to operate with a limited level of direct supervision.
- Can exercise independence of judgement and autonomy.
- Acts as SME to senior stakeholders and/or other team members.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Additional duties as assigned, including:
- Acting as the Nigeria and Ghana Data Protection Officer with responsibility for advising and monitoring data protection requirements, and escalating matters as appropriate to the EMEA Chief Privacy Officer, the Nigeria and Ghana Compliance Heads and relevant governance forums.
- Facilitating compliance with and advising on local data protection, privacy and banking confidentiality laws to Citi branches and subsidiaries across Nigeria and Ghana.
- Assisting with the design and delivery of the global privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting and sharing leading practices with other DPOs and business stakeholders.
- Acting as a point of contact between Citi Legal Entities in Nigeria and Ghana and the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy including local regulatory reporting as required by country privacy laws and joining forums organized by external bodies, where appropriate.
- Reviewing and advising on Nigeria and Ghana data protection impact assessments, where necessary; developing an understanding of local data processing activities, data flows and associated privacy risks.
- Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances.
- Ensuring that regular assessment and audits are conducted to ensure compliance with local data protection laws.
- Monitoring and advising on the completion and maintenance of records of processing activities.
- Advising on privacy-related considerations and requirements during the investigation of security incidents including advising on notifications to local privacy regulators.
- Advising on the implementation of new data protection, privacy and banking confidentiality laws in Citi Legal Entities across Nigeria and Ghana, working closely with first line In-Business Privacy Officers, local Product and Function teams and Country Legal and Compliance.
- There may be a requirement to provide similar coverage for other countries in the region.
- Bachelor’s Degree; experience in compliance, legal or other control-related function in the financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof; experience in area of focus; Advanced Degree preferred.
- IAPP CIPP, CIPM, CIPT or other Data Protection Officer certification (existing or pending) is an advantage.
- CISSP and CIPM and other Information Security-related certifications are a plus.
- Knowledge of Compliance laws, rules, regulations, risks and typologies
- Excellent written and verbal communication skills
- Must be a self-starter, flexible, innovative and adaptive
- Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization
- Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization
- Excellent project management and organizational skills and capability to handle multiple projects at one time
- Proficient in MS Office applications (Excel, Word, PowerPoint)
- Candidates must also have a minimum of 15 years postgraduation experience, out of which at least 10 must have been in the banking industry and at least 2 as Assistant General Manager.
- Evidence of experience in at least three (3) major areas of banking operations.
- Experience in compliance, legal or other control-related function preferably in a financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof.
- Knowledge of the local privacy laws and regulations in the presence and hub managed countries.
- Experience in advising on and implementing practical solutions for privacy/compliance issues.
- Ability to raise awareness on data protection and privacy requirements within the organization.
- Ability to promote a data protection and privacy compliant culture within the organization.
- Understanding of data security and information technology.
- Written and spoken English language skills (professional proficiency).
- Knowledge and experience in understanding personal data processing activities and managing areas relevant to privacy and data protection (e.g. information security; data governance; third party risk management).
- Written and spoken French language skills.
Application Closing Date
How to Apply
Interested and qualified candidates should:
Click here to apply online