Data Privacy and Protection Specialist

Job Description:

Purpose: The Data Protection and Privacy Specialist will be instrumental in ensuring the organization's compliance with the Personal Data Protection Law (PDPL) and other relevant data protection regulations. The Specialist will be responsible for conducting reviews/assessments, developing and implementing privacy training programs, developing policies/procedures, managing data subject rights, conducting data protection impact assessments (DPIA) and ensuring the effective implementation of data protection and privacy measures across the organization. Additionally, the specialist will be involved in third-party risk management and procurement processes related to data protection. The specialist will work closely with IT teams to assess and implement consent management procedures, monitor data protection and privacy practices, drive technical measures for data protection, and assist in data breach management. Internal Contacts: External Contacts: • Data Privacy Program Owner • Cybersecurity Director • Cybersecurity GRC Manager • Cybersecurity OPS Manager • Cybersecurity Team • IT / OT Team • Legal • Internal Auditor, and • Any other Departments if required • Contractors • Suppliers and Vendors • Consultants • External Auditors • External Support Groups • Government Entities • Competent Authority Requirements and Qualifications: • Bachelor’s degree in information security, Computer Science, or related field (master’s degree preferred). • Five to six (5 – 6) years of related work experience in information security, cybersecurity working on Data Protection and Data Privacy with proven record of compliance role in a complex organizational setting. • Certification in data protection (e.g., CIPP/E, CIPT, CIPM) is highly desirable. • Strong understanding of global data protection laws and regulations (e.g., GDPR, KSA PDPL). • Experience in implementing and managing consent management procedures. • Knowledge of technical measures for data protection and incident detection. • Knowledge of data protection and governance technologies. • Understanding of networking and core networking protocols (e.g. TCP/IP, UDP, DNS, SMTP, HTTP, and distributed networks). • Knowledge in different types of VPN, Encryption Standards, Certificates. • Strong understanding of security controls in public cloud environments (i.e. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform) and SaaS services hardening.