September 14, 2023

Job Opportunities in VisionFund Rwanda 

‘’Make a difference to thousands in the land of a thousand hills’’

VisionFund Rwanda (VFR), is Rwanda’s largest microfinance Institution committed to the development of Rwanda through providing affordable financial services (savings and loans) to the less privileged throughout its 4zones in Rwanda. VFR is the institution where you can develop your expertise working with the best people worldwide in a dynamic, team focused high performance environment. If you are looking for interesting but challenging work where you can make a difference in the world, then VFR has the will to make it so. VFR needs to recruit experienced and qualified staff on following positions:

Information protection Officer

Reporting to Head of IT

Work location: Head Office/Nyarutarama

JOB SUMMARY

The Information protection officer will be responsible for ensuring that VFR processes the personal data of its stakeholders (staff, customers, providers, suppliers) in compliance with the applicable data protection rules. She/he will also be responsible for the security of all digital and paper-based data and information in all the VFR business processes, systems and activities.

Major responsibilities

• Implementing a privacy & information security governance framework to manage data use in compliance with regulations in place
• Working with relevant stakeholders in the development of templates for data collection, assisting with data mapping as well as assisting in the review of projects and related data to ensure compliance with local data privacy laws
• Serving as the primary point of contact and liaison for the Data Protection Authorities on all data protection related matters.
• Reviewing vendor contracts and consents to ensure information protection.
• Coordinating and conducting data privacy & information security audits.
• Advising the Data Privacy / Information Security Governance Committee on Implementation an information security governance.
• Conducting data risk assessment and treatment plans, business data loss impact assessments
• Ensuring the development and implementation of business continuity & disaster recovery plans and assisting in Business Continuity testing of mission critical applications and stored data.
• Monitoring changes to privacy laws and making recommendations to the Data Privacy / Information Governance Committee when appropriate.
• Collaborating with business functions/department to raise employee awareness on data privacy and security issues.
• Developing and delivering privacy & information security training to various business functions.
• Maintain records of all data assets and exports and maintaining a data security / information security incident management plan to ensure timely remediation of incidents.
• Liaise with regulatory authorities such and act as the point of contact for all data protection-related matters including consultation and reporting
• Develop and deliver cybersecurity awareness training covering data protection that informs all stakeholders of their obligations while processing personal data and related audits.
• Conduct Data Protection Impact Assessment to identify potential risks related to procession of personal data, implement adequate controls to mitigate them and monitor and mitigate any other emergency risks.
• Handle data subject requests and complaints such as access requests and rectification requests
• Develop, implement and maintain data protection policies, procedures and guidelines
• Provide regular reports to senior management on data protection compliance and key risk indicators.
• Monitor and assess the effectiveness of data protection controls and make recommendations for improvements.
• Analyze controls in place and define new controls to address privacy risks to data subjects whose data is shared with VFR
• Lead security assessments on all data and information holding storage and channels.

Qualifications and Experience:

• Bachelor of Information Security, Information Technology, Bachelor of data analytics, Business Administration, Management, Law.
• 3 Years in data and/or information protection or similar role
• Solid knowledge of national data protection laws
• Experience in data protection & Information Security Management
• Knowledge of data processing operations is preferrable
• Knowledge of Data Protection or Privacy management framework, cybersecurity standard operating procedures is an advantage
• Experience in conducting security Audit will be an advantage
• Knowledge of risk assessment tools and Familiarity with computer security systems is added advantage
• Ability to handle confidential information

Our offer

VisionFund Rwanda is willing to offer you a competitive salary, challenging work where you can make a difference in the world, develop your expertise by working with the best people worldwide in a dynamic, team focused and high performing environment