Data Protection Officer

About Flexi MFBFlexi Microfinance Bank is a digitally driven financial institution focused on providing inclusive and convenient financial solutions such as Mobile Installment financing (BNPL), consumer lending, digital banking services, and SME credit support. As we scale across Nigeria with technology-led operations, customer privacy, regulatory compliance, and cybersecurity protection remain at the core of our operational standards.Role SummaryThe Data Protection Officer (DPO) is responsible for ensuring that Flexi MFB processes personal, financial, and sensitive data in compliance with applicable data privacy laws and cybersecurity standards including the Nigeria Data Protection Regulation (NDPR), the Nigeria Data Protection Act, CBN IT & Cybersecurity Frameworks, GDPR principles, ISO 27001, and internal governance controls.This role requires a strategic thinker with hands-on compliance execution skills, strong knowledge of privacy regulations, fintech security frameworks, and operational risk management workflows.Key ResponsibilitiesData Governance & ComplianceDevelop, implement, and maintain Flexi MFB’s Data Privacy Framework, aligned to NDPR, NDPA, GDPR standards, and CBN cybersecurity policies.Lead periodic data audits and privacy assessments across departments, systems, and 3rd-party vendors.Maintain and update Flexi’s Data Protection Policy, Data Retention Policy, Access Control Standards, and privacy notices.Regulatory Liaison & Legal ComplianceServe as the official contact for the Nigeria Data Protection Commission (NDPC), CBN regulators, and external auditors.Submit mandatory compliance filings and Data Protection Compliance Audit Reports (DPAR).Track emerging privacy legislation and proactively update internal processes.Privacy by Design & Engineering ControlsCollaborate with Tech and Product teams to embed privacy controls into product lifecycle, onboarding flows, mobile apps, APIs, and lending platforms.Review data architecture and ensure minimization, encryption, masking, and controlled access to sensitive data.Incident Response & Risk ManagementLead Data Protection Impact Assessments (DPIA) and threat-modelling exercises.Manage data breach response processes including documentation, investigation, regulatory reporting, and remediation.Work closely with Information Security, Legal, and SOC teams to reduce risk exposure.Training, Awareness & Culture EnablementDevelop employee training programs, awareness campaigns, and compliance onboarding modules.Implement internal monitoring dashboards for ongoing compliance and reporting.Vendor and Third-Party Risk ManagementConduct due diligence and annual compliance reviews for technology vendors handling customer or financial data.Ensure that data-sharing agreements, SLAs, and NDPR contractual obligations are enforced.Qualifications & ExperienceBachelor’s Degree in Law, IT, Cybersecurity, Data Science, Business, or related field.Master’s degree (added advantage).Minimum 5–7 years’ experience in data compliance, cybersecurity governance, fintech risk, or privacy law.Hands-on experience within ** fintech, microfinance, payments, banking, or digital lending** strongly preferred.Required Certifications (at least one):NDPR Certified Data Protection Officer (Licensed by NDPC)CIPP/E or CIPP/ACDPO (Data Privacy Professional)ISO 27001 Lead Auditor/ImplementerCIPM, CEH, CISSP, CRISC (advantage)Skills & CompetenciesStrong understanding of privacy frameworks: NDPR/NDPA, GDPR, CBN Risk Framework, PCI DSS, ISO 27001Technical understanding of cloud security, encryption, access control, authentication mechanismsStrong legal interpretation and policy drafting abilityExcellent communication, documentation, and stakeholder alignment skillsAbility to work cross-functionally with Technology, Compliance, Risk, HR, Operations, and Legal teamsWhy Join Flexi MFB?Be at the forefront of driving secure financial inclusion in AfricaOpportunity to shape privacy strategy in a fast-growing digital financial ecosystemCompetitive salary, performance-based incentives, and continuous career developmentA culture built on innovation, transparency, and regulatory excellence