Data Privacy Officer

Objective:

This position is responsible for ensuring organizational compliance with data protection regulations by implementing robust privacy frameworks, overseeing risk mitigation, and safeguarding personal and sensitive information in accordance with global standards such as GDPR, ISO 27001, and PCI DSS.

Key Responsibility:

Data Protection Compliance:

• Design and implement data privacy programs in compliance with GDPR, KSA PDPL, DIFC Data Protection Law, India’s IT Act, and other applicable laws.
• Ensure alignment with ISO 27001 (Information Security Management) and PCI DSS standards.
• Act as the liaison with regulatory authorities and oversee Data Protection Impact Assessments (DPIAs).

Policy Development:

• Draft, update, and enforce data protection policies, SOPs, and privacy notices.
• Ensure all internal practices are updated to reflect evolving legal and cybersecurity standards.

Risk Management:

• Conduct regular data protection risk assessments, gap analysis, and audits.
• Recommend and enforce technical and organizational measures to mitigate privacy risks.
• Lead investigation and response for data breaches or security incidents.

Training & Awareness:

• Deliver ongoing data privacy training and awareness programs across departments.
• Promote a culture of compliance through workshops and communication initiatives.

Third-Party Vendor Management:

• Assess and monitor third-party vendors for privacy compliance.
• Draft and enforce Data Processing Agreements (DPAs) and relevant clauses in vendor contracts.

Data Subject Requests:

• Oversee procedures for responding to Data Subject Access Requests (DSARs), including access, correction, deletion, and portability.
• Ensure timely and lawful handling in line with applicable regulations.

Monitoring & Reporting:

• Track privacy KPIs and monitor effectiveness of implemented privacy controls.
• Provide reports to senior management on compliance status, incident logs, and risk mitigation actions.

International Data Transfers:

• Ensure compliance with cross-border data transfer regulations.
• Implement safeguards such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) where applicable.

Stakeholder Engagement:

• Collaborate with Legal, IT, Compliance, and HR departments to ensure integrated privacy practices.
• Represent the organization in industry forums and stay informed on regulatory changes and global privacy trends.

Desired Experience:

• Master’s degree in Information Security, Law, Computer Science, or a related field.
• Certifications such as CIPP/E, CIPM, ISO 27001 Lead Implementer, or PCI DSS Implementation.
• 10+ years of experience in data privacy, cybersecurity, or information security roles, preferably in the retail or banking sector.
• Strong understanding of regional and international data protection laws and security frameworks.
• Proven experience in managing breaches, regulatory audits, and multi-market compliance programs.