Data Privacy Expert

Employer Active

1 Vacancy
Job Location

Riyadh - Saudi Arabia

Monthly Salary

Not Disclosed

Job Description

Onsite Job: Banking Sector, Riyadh, Saudi Arabia.

Execute Data Privacy and Protection Strategy in line with Saudi Arabia's PDPL and NDMO.
Develop and operationalize Data Privacy Policies, Processes/Procedures, Standards, Principles, Guidelines and Templates to comply with KSA PDPL and NDMO regulations (including but not limited to Personal Data Breach procedures, DPIA, PIA, RoPA, etc.).
Advise the Bank and employees on data processing requirements under the KSA PDPL and ensure compliance.
Provide guidance on data protection impact assessments (DPIA) for data collection and processing.
Ensure all bank records and systems containing personal data align with PDPL.
Develop a comprehensive risk register that encompasses all identified risks along with corresponding treatment plans, closure dates and responsible stakeholders.
Define Personal Data Protection Standards to be followed by the Information Security Team.
Conduct due diligence on vendors and monitor their adherence to privacy obligations.
Regularly review and update personal data privacy and protection practices.
Review and advise on controls implemented by the business to ensure compliance with data protection requirements and internal policies.
Collaborate with SAMA, Saudi Data and Artificial Intelligence Authority (SDAIA) and other relevant authorities on data protection matters.
Act as the point of contact for data subjects (e.g. customers) and regulatory authorities.
Collaborate with procurement and legal teams to evaluate privacy risks associated with third-party vendors and service providers.
Review and negotiate privacy terms in vendor contracts to ensure compliance with data protection requirements.
Provide regular reports to senior management and relevant stakeholders on privacy program effectiveness, compliance status and emerging privacy risks.
Collaborate with legal to address privacy-related legal requirements, inquiries and regulatory investigations.
Serve as a liaison between Business and Functional areas and technology to ensure data-related business requirements for protecting personal and sensitive data are clearly defined, communicated and well understood.
Manage and advise the relevant stakeholders on data transfers across borders, including approvals and monitoring.
Establish processes to manage personal data transfers and data sharing agreements with external parties while maintaining privacy compliance.
Support the bank in prioritizing processing activities.
Conduct data flow mapping exercises to identify the journey of personal data from collection to destruction, covering data collection points, systems used for processing, storage, etc.
Conduct the RoPA exercise and maintain its repository for all personal data processing activities.
Conduct PIAs for all processing activities identified in the RoPAs to determine which require DPIAs.
Perform DPIAs based on the results of the PIAs.
Review the existing ERM framework and provide recommendations for changes considering the KSA PDPL requirements and collaborate with the ERM team to enhance the framework.
Offer consultation in the event of a data breach or incident, report to senior management promptly and take necessary actions.
Facilitate the identification, investigation, management and resolution of compliance-related issues.
Prepare relevant compliance reporting to meet both internal and external regulatory requirements.
Ensure that Bank IT systems and procedures comply with relevant data privacy and protection laws, regulations and policies.
Inform and educate the Bank, its service providers and the data subjects about their data protection rights, obligations and responsibilities.
Provide clear and transparent privacy notices to data subjects across all channels.
Respond to Data Subject Rights Requests (DSRs) and establish policies and procedures for handling DSRs.
Foster a data protection culture within the bank and implement key data protection principles.
Promote continuous training to maintain data protection awareness and feedback processes by liaising with information security and learning and development departments.
Support the Bank in engaging a vendor to implement privacy technologies. This includes preparing the RFP, developing selection criteria, attending demo sessions, participating in scoring vendors, providing input and recommendations for choosing a suitable solution, and supporting implementation and migration processes.
Define changes required in IT change management procedures due to data privacy procedures and work with IT for implementation.
Review and provide recommendations on the internal audit process and framework to include the impact of data privacy.
Define roles and responsibilities related to data privacy, ensuring clear accountability for stewardship of the Bank's principal information assets.
Define performance metrics and ensure compliance with data protection and privacy policies, standards, roles and responsibilities.
QUALIFICATIONS & EXPERIENCE

Bachelor's degree in Engineering, Information Technology, Cybersecurity or a related field.
Fluent in spoken and written Arabic and English.
A minimum of 5 years of experience in a dedicated data privacy or data protection role.
Demonstrable expertise in the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations.
Proven experience working with data governance, privacy and cybersecurity frameworks specific to the Saudi financial sector (e.g. SAMA's Cyber Security Framework, IT Governance Framework).
Strong understanding of privacy principles such as data minimization, purpose limitation and accountability.
Excellent communication, interpersonal and leadership skills, with the ability to influence stakeholders at all levels.
High level of integrity and professional ethics, with the ability to handle confidential information with discretion.
SKILLS

Excellent IT skills: Full Microsoft Office suite.
In-depth knowledge of PDPL and other relevant data protection laws and regulations.
Sufficient knowledge of information technology and data management systems required.
Well-developed and professional interpersonal skills; ability to interact effectively with people at all organizational levels of the firm.
Experience of working in a large organization.
Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
BEHAVIOURAL COMPETENCIES
Strong emotional intelligence in leadership, demonstrating empathy but remaining objective.
Excellent writing and presentation skills.
Highly organized, structured and disciplined, with great attention to detail.
The ability to work under pressure and juggle multiple active priorities.
Ability to use independent judgment and discretion when making the majority of decisions.
Ability to handle confidential and sensitive information with the appropriate discretion.

Employment Type

Full-time
