Job Title: Data Protection Officer (DPO)

Experience: 10+ Years
Certification: IAPP (CIPP/E, CIPM, CIPT) – Preferred
Language: Arabic Speaker (Mandatory/Preferred)
Educational Background: Law Degree (LLB/LLM preferred)
Employment Type: Full-Time
Location: Riyadh - Onsite

Role Summary

We are seeking a highly experienced Data Protection Officer (DPO) to lead and oversee the organization’s data protection strategy and compliance framework. The ideal candidate will have over 10 years of experience in data privacy, a strong legal background, and recognized IAPP certification. The DPO will ensure compliance with applicable data protection regulations (such as GDPR and regional data privacy laws), mitigate data risks, and act as the primary point of contact for regulatory authorities.

Key Responsibilities

1. Regulatory Compliance & Governance

• Ensure compliance with GDPR and applicable regional data protection regulations.

• Develop, implement, and maintain enterprise-wide data protection policies and procedures.

• Monitor changes in data privacy laws and advise leadership on regulatory impact.

• Act as the primary liaison with regulatory authorities.

2. Data Protection Strategy

• Establish and maintain the organization’s data protection framework.

• Lead Data Protection Impact Assessments (DPIAs).

• Oversee data mapping, data inventory, and records of processing activities (RoPA).

• Implement privacy-by-design and privacy-by-default principles.

3. Risk Management

• Identify and assess privacy risks across business operations.

• Develop mitigation plans for data protection risks.

• Lead investigations of data breaches and ensure proper reporting.

4. Advisory & Training

• Provide legal and regulatory guidance to business units.

• Conduct organization-wide privacy training and awareness programs.

• Advise on cross-border data transfers and vendor risk assessments.

5. Audit & Monitoring

• Conduct internal audits to ensure ongoing compliance.

• Manage third-party data protection assessments.

• Prepare compliance reports for senior leadership and board-level stakeholders.

Required Qualifications

• 10+ years of experience in data privacy, data governance, or regulatory compliance.

• Strong legal background (LLB/LLM required or highly preferred).

• IAPP Certification (CIPP/E, CIPM, or CIPT) preferred.

• Proven experience handling GDPR and regional data protection laws.

• Strong understanding of data governance, cybersecurity, and risk frameworks.

• Experience interacting with regulatory authorities.

• Excellent stakeholder management skills.

• Fluency in Arabic and English.

Preferred Experience

• Experience in highly regulated industries (Banking, Telecom, Healthcare, Government).

• Experience in multinational or cross-border environments.

• Familiarity with ISO 27701, ISO 27001, and NCA frameworks (if applicable to region).

• Experience building data protection functions from scratch.

Key Competencies

• Strong analytical and legal interpretation skills

• High ethical standards and integrity

• Excellent communication and leadership abilities

• Strategic thinking with operational execution capability

• Ability to work independently and report to executive leadership