Data Protection and Information Security Analyst - Tanzania

Kenya
1 year - 3 years
Negotiable
Posted: 2 weeks ago
Information Technology & Services (IT Consulting / System Integration)
Full-time

Job Summary

The Data Protection and Information Security Analyst supports both internal operations and customer-facing engagements in ensuring compliance with the Personal Data Protection Act (PDPA) 2022, maintaining information security controls in line with ISO 27001, and protecting the confidentiality, integrity, and availability of information assets.

The role involves monitoring, assessing, and improving data protection and information security practices across clients and within the organization, managing incidents, and conducting training and awareness initiatives to strengthen overall compliance and security posture.

Job Description

 


1.     Data Protection & Privacy Compliance



·       Support the implementation and maintenance of the organization’s data protection framework.


·       Assist in developing and maintaining the Record of Processing Activities (ROPA).


·       Conduct regular Data Protection Impact Assessments (DPIAs) and advise departments on mitigating privacy risks.


·       Review data processing agreements and contracts to ensure compliance with PDPA 2022 requirements.


·       Assist in responding to data subject access requests (DSARs) and managing privacy incidents or breaches.


·       Monitor data transfer activities to ensure compliance with cross-border data flow restrictions.


·       Support the DPO in preparing periodic compliance and audit reports for management and regulators.



2.     Information Security Operations



·       Implement, monitor, and continually improve information security controls under the Integrated Management System (IMS) aligned with ISO 9001:2015 and ISO/IEC 27001:2022 standards.


·       Conduct risk assessments and support the development of mitigation plans.


·       Participate in vulnerability assessments and coordinate with relevant teams for remediation.


·       Monitor system logs, alerts, and incidents to detect and respond to security threats.


·       Support the development and maintenance of the Information Security Management System (ISMS) documentation.


·       Coordinate internal and client security awareness and training programmes.



3.     Governance, Policy & Awareness



·       Develop and maintain policies, procedures, and guidelines on data protection and information security.


·       Conduct awareness sessions for employees, customers, and third parties on privacy and cybersecurity best practices.


·       Collaborate with IT, Legal, HR, and other departments to embed data protection and security in daily operations.



4.     Incident Management & Reporting



·       Participate in incident response activities, including investigation, containment, and reporting.


·       Maintain the incident register and assist in preparing incident reports for the DPO and management.


·       Support business continuity and disaster recovery initiatives.



Qualifications and Experience



·       Bachelor’s degree in Computer Science, Information Technology, Information Security, or related field.


·       Foundational knowledge of data protection, information security, or quality management systems.


·       Preferred certifications (any of the following would be an advantage but not mandatory):


o   ISO/IEC 27001 Foundation, Implementer, or Auditor


o   ISO 9001 Internal Auditor


o   CompTIA Security+, CEH, or equivalent cybersecurity certification


o   Data Protection or Privacy certification


o   ISACA Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)


·       Minimum of 3 years’ experience in information security, data protection, or related field.


·       Familiarity with Tanzania’s PDPA 2022, GDPR, or similar privacy regulations.


·       Good understanding of documentation and record-keeping within a structured management system.



Key Skills and Competencies



·       Strong understanding of data protection principles and information security controls.


·       Analytical and problem-solving skills.


·       Excellent written and verbal communication skills.


·       Attention to detail and ability to handle sensitive information with discretion.


·       Ability to work collaboratively with cross-functional teams.


·       Strong organisational and documentation skills.


Salary Package


TZS 2M gross per month
