Data Protection Officer

Job Title: Data Protection Officer

Location: Ghana - remote

Reports to: Chief Financial Officer

Job Summary:

The Data Protection Officer (DPO) will be responsible to maintain Ezra's data protection strategy and its implementation to ensure compliance with global data protection regulations across Africa, the Middle East and Asia markets. This role will involve maintaining a robust data governance framework, advising on data protection impact assessments, managing data breach incidents, and serving as the primary point of contact for data protection authorities and data subjects. The DPO will play a crucial role in safeguarding customer data, maintaining trust, and supporting Ezra's business objectives by ensuring secure and compliant data practices.

Key Responsibilities:

Data Protection Governance And Compliance:

• Maintain and lead Ezra's data protection policies and procedures in accordance with ISO 27001:2022 and applicable laws (e.g., GDPR, local privacy laws in Africa, the Middle East, and Asia).
• Monitor compliance with data protection laws, internal policies, and codes of conduct, including regular audits and assessments.
• Maintain accurate records of all data processing activities, data protection policies, and incidents.
• Stay up-to-date with changes in data protection laws and best practices, adapting Ezra's strategy accordingly.

Risk Management, Data Security, and Advisory:

• Conduct Data Protection Impact Assessments (DPIAs) for new projects, products and technologies, ensuring privacy by design.
• Serve as the primary contact point for data subjects regarding their data protection rights and handle data access requests, rectification, erasure, and objections.
• Serve as the liaison with data protection authorities and cooperate with them on issues relating to data processing.
• Manage and investigate data breaches, including reporting to relevant authorities and affected individuals as required.

Training And Awareness:

• Deliver quarterly training and awareness programs to Ezra employees on data protection principles, policies, and best practices.
• Collaborate with legal, IT, product development, and other departments to embed data protection into all aspects of the business, from loan requests to data analytics.

Qualifications And Experience:

• Bachelor's degree in Law is preferred, but someone with a degree in a relevant field and data protection experience will be considered. 
• 6+ years of experience in data protection, privacy, or compliance roles, preferably within the FinTech or financial services industry.
• Strong understanding of global data protection laws and regulations, including but not limited to GDPR, and an ability to adapt to diverse regulatory landscapes in emerging markets.
• Familiarity with the challenges and nuances of data protection in the African, Middle Eastern, and Asian markets.
• Proven experience in developing and implementing data protection frameworks, policies, and procedures.
• Proficiency in conducting data protection impact assessments (DPIA) and managing data breach incidents.

Preferred Qualifications:

• Fluency in French would be highly advantageous.
• Professional certification in data protection (e.g., CIPP/E, CIPM, CIPP/A, CIPT, CDPO).
• Experience working with large-scale data processing systems and technologies.

Company Overview:

Ezra provides B2B digital lending solutions for emerging markets in partnership with mobile and digital wallet operators and financial service providers. Ezra supports 24 operations in 23 countries, across Africa, the Middle East and Asia. Our key office locations are in Nairobi, Kenya and Dubai, UAE. 

Our flagship products are Advance Credit Service (ACS), Nano and BNPL. 

• ACS is an airtime or data advance offered to prepaid mobile subscribers at the point of low credit. 
• Nano is a micro cash advance offered to mobile wallet users on demand. 
• BNPL facilitates payment installments for products and services 

As a FinTech company, our business is entirely technology and data driven, from determining subscriber eligibility, generating relevant offers, managing risk, loan issuance, recovery, optimizing performance and reporting, reconciliation and billing. 

Each day we process approximately 21M loan requests and 1.4 TB of data across our markets. This process needs to be robust, reliable and secure. 

But it doesn’t end there. We’re exploring new ways of using our platform and transactional data to improve our products and develop new product opportunities.