Data Privacy Specialist (15 months contract role for Riyadh, KSA)

Company Description

This is for our client.Our hybrid work model empowers you to choose where you work—whether it's from the office, your home, or a mix of both—so you can prioritize what matters most. We are committed to supporting your personal goals, family, and overall well-being while driving transformative results for our clients.

We welcome exceptional talent from anywhere across the globe. Interviews and onboarding are conducted virtually, reflecting our digital-first mindset.

Rooted in the region, we specialize in delivering tailored, impactful solutions in Data, Advanced Analytics and AI, Infrastructure, Cloud Security, and Application Modernization. Whether it’s enabling predictive analytics, transforming operations with automation, or driving customer engagement with intelligent platforms, we are the trusted partner for organizations ready to embrace a smarter, more efficient future.

• Record of Processing Activities (RoPA): The scope of work includes conducting RoPA, and to consistently document and manage details such as data categories, purposes, recipients, lawful bases, and retention periods as part of operations.
• Privacy Impact Assessment (PIA for Process): The scope of work includes conducting PIA assessments for business processes that involve personal data. This includes identifying privacy risks and recommending mitigation strategies. The approach should ensure ongoing compliance with regulatory requirements and support integration into operational workflows. The vendor should also support the implementation of these controls.
• Privacy Impact Assessment (PIA for System): The scope of work includes conducting PIA for system assessments and support the implementation of necessary controls as part of operations. The scope includes conducting PIAs for all relevant systems and platforms that process personal data. The assessments should identify system-level privacy risks and recommend appropriate technical and organizational controls. The vendor should also support the implementation of these controls.
• Consent Management: The scope of work is to provide operational support for the ongoing management of consent related to personal data processing. This includes maintaining standardized consent mechanisms for both employees and customers, ensuring accurate capture and tracking of consent statuses, and supporting compliance reporting requirements in alignment with data protection regulations and internal policies.
• Cookie Consent: The scope of work to provide a solution for managing cookie consents on websites and digital platforms. This may include developing a repository and implementing a consent banner that ensures users can manage their preferences in accordance with PDPL and other relevant privacy regulations.
• Data Sharing Process: The scope of work is to provide support for the established data sharing process related to the products or onboarding vendors. This includes execution of Data Sharing Agreements (DSAs), coordinating with internal stakeholders, managing documentation, and ensuring that agreements align with organizational policies and applicable data protection regulations.
• Data Breach Management: The scope of work is to provide support for the management of data breaches. This includes facilitating incident reporting, supporting the execution of incident response workflows, coordinating breach notification processes, and maintaining comprehensive documentation of breach-related activities in accordance with regulatory and internal requirements.
• Third Party Privacy Risk: The scope includes managing privacy risks associated with third-party vendors involved in personal data processing. Vendors will be expected to support the evaluation and validation of third-party privacy assessments. This also involves conducting privacy assessments for all new third-party engagements to ensure compliance with PDPL regulations and internal privacy standards.
• Training and Awareness: The vendor will assist in enhancing the organization’s privacy training and awareness programs. This includes updating existing training content to reflect current threats and best practices, integrating data privacy modules into the employee onboarding process, and developing mechanisms to automate alerts for non-compliance at the individual level. Additionally, the solution should enable reporting at the Business Unit (BU) level to monitor training completion and compliance effectiveness.

The BRD aims to provide operational support for the Data Privacy activities mentioned above and assist ARB in ensuring compliance with the PDPL and other relevant privacy regulations.