Job Description
ROLE PURPOSE:
Personal Data Protection Officer to support our compliance with the Saudi Personal Data Protection Law (PDPL), SDAIA guidelines, and other global data privacy standards. The role involves hands-on execution of privacy operations, including DPIAs, risk assessments, data subject requests, and privacy monitoring across the organization.
KEY RESPONSIBILITIES/ ACCOUNTABILITIES:
▪ Conduct Data Protection Impact Assessments (DPIAs) for projects, systems, and processes involving personal data.
▪ Perform Privacy Risk Assessments to identify, evaluate, and mitigate risks in data processing activities.
▪ Manage Data Subject Requests (DSRs), including access, correction, deletion, and withdrawal of consent, within regulatory timelines.
▪ Monitor and document consents to ensure lawful processing of personal and sensitive data.
▪ Maintain and update Records of Processing Activities (RoPA) across departments.
▪ Assist in vendor and third-party privacy assessments, ensuring compliance with Data Processing Agreements (DPAs).
▪ Support incident and breach investigations, including documentation, impact analysis, and regulatory reporting when required.
▪ Conduct compliance checks and audits of personal data processing practices.
▪ Collaborate with IT, Legal, and Business teams to embed privacy requirements into systems and workflows.
▪ Prepare compliance reports and dashboards for management and regulators (e.g., SDAIA).
KNOWLEDGE & EXPERIENCE:
▪ Bachelor’s degree in Information Security, Law, Compliance, IT, or related fields is required.
▪ Certified Data Privacy Solutions Engineer (CDPSE) preferred
▪ Demonstrated proficiency in oral and written English
▪ 5 years of experience in data privacy, compliance, risk management, or information security.
▪ Knowledge of the Saudi PDPL and SDAIA regulations (GDPR or other international privacy frameworks is a plus).
▪ Strong skills in risk assessment, documentation, and incident handling.
▪ High standards of integrity, confidentiality, and attention to detail.