Data Privacy Specialist

Bengaluru, Karnataka, India
Full Time
Senior Manager/Supervisor

Job Description – Data Privacy Specialist

Job TitleData Privacy Specialist
Job Location - Riyadh - KSA


Job Purpose

The Data Privacy Specialist is responsible for designing, implementing, and maintaining the organization's Data Privacy framework to ensure compliance with applicable privacy laws, regulations, and organizational policies. The role supports the implementation of privacy governance processes, conducts privacy assessments, manages privacy risks, and promotes a culture of data protection across the organization.

Working closely with the Data Privacy Officer (DPO), business stakeholders, IT teams, legal, compliance, and Privacy Champions, the specialist ensures that personal data is collected, processed, stored, and shared in accordance with regulatory requirements, including the Saudi Personal Data Protection Law (PDPL), SDAIA guidelines, and other applicable international privacy standards.


Key Responsibilities

Data Privacy Governance

  • Support the Data Privacy Officer in developing, implementing, and maintaining enterprise Data Privacy policies, standards, procedures, and operating models.
  • Implement privacy governance processes to ensure compliance with organizational and regulatory requirements.
  • Develop and maintain privacy-related documentation, standards, and operating procedures.
  • Support the integration of privacy controls into enterprise data governance initiatives.

Privacy Compliance

  • Conduct periodic privacy compliance assessments to evaluate adherence to applicable data protection laws and organizational policies.
  • Monitor compliance with the Saudi Personal Data Protection Law (PDPL), SDAIA requirements, and other relevant privacy regulations.
  • Identify compliance gaps and recommend corrective actions.
  • Prepare compliance reports, dashboards, and management updates.

Privacy Risk Management

  • Perform Privacy Risk Assessments across business units and systems.
  • Develop and maintain the enterprise Privacy Risk Register.
  • Identify privacy risks and collaborate with stakeholders to define mitigation plans.
  • Monitor implementation of remediation activities and track residual risks.

Data Protection Impact Assessments (DPIA)

  • Develop, implement, and maintain Data Protection Impact Assessment (DPIA) processes.
  • Facilitate DPIAs for new systems, projects, and business initiatives involving personal data.
  • Ensure Privacy by Design and Privacy by Default principles are embedded throughout project lifecycles.
  • Review project documentation to ensure privacy requirements are addressed before implementation.

Personal Data Inventory & Data Flow Management

  • Guide Privacy Champions and business units in developing and maintaining Personal Data Inventories.
  • Support documentation and maintenance of enterprise Data Flow Maps.
  • Ensure personal data processing activities are accurately documented and regularly updated.
  • Validate processing activities against applicable regulatory requirements.

Privacy Awareness & Training

  • Develop and deliver privacy awareness programs for business and technical teams.
  • Conduct workshops and training sessions on privacy principles, regulatory obligations, and organizational privacy practices.
  • Promote a culture of privacy and responsible data handling across the organization.
  • Support Privacy Champions in driving privacy awareness within their respective business units.

Stakeholder Engagement

  • Collaborate with Legal, Information Security, Risk Management, Data Governance, IT, and business teams to implement privacy requirements.
  • Provide privacy guidance during system implementation, cloud adoption, and digital transformation initiatives.
  • Support internal and external audits related to privacy compliance.
  • Prepare executive reports and presentations on privacy compliance, risks, and improvement initiatives.

Qualifications & Experience

Education

  • Bachelor's degree in Information Security, Computer Science, Information Systems, Cybersecurity, Law, Data Management, or a related discipline.
  • Master's degree is preferred.

Experience

  • Minimum 7 years of professional experience in Data Privacy, Data Protection, Information Governance, Compliance, or related disciplines.
  • Proven experience implementing enterprise Data Privacy frameworks and compliance programs.
  • Experience supporting privacy governance within large organizations.
  • Experience conducting Privacy Risk Assessments, DPIAs, and privacy compliance reviews.
  • Experience working with cross-functional business and technical teams.

Mandatory Skills

  • Strong Arabic and English communication skills (written and verbal).
  • Strong understanding of Data Privacy principles, including:
    • Data Minimization
    • Purpose Limitation
    • Lawful Processing
    • Accountability
    • Privacy by Design
    • Privacy by Default
    • Consent Management
    • Data Subject Rights
  • Experience developing and maintaining Data Protection policies, procedures, standards, and operating models.
  • Strong understanding of privacy risk management methodologies.
  • Excellent project management and stakeholder management skills.
  • Strong analytical, documentation, and problem-solving capabilities.
  • Ability to interpret and apply privacy regulations to business operations.

Regulatory Knowledge

Good understanding of:

  • Saudi Personal Data Protection Law (PDPL)
  • SDAIA Data Privacy Guidelines
  • NDMO Data Management Standards
  • GDPR (General Data Protection Regulation)
  • ISO/IEC 27701 Privacy Information Management
  • ISO/IEC 29100 Privacy Framework
  • Other applicable regional and international privacy regulations

Technical Skills

Candidates should have experience with one of the following technology stacks:

Option 1 (Open Source / Modern Privacy Stack) – Mandatory Combination

Must Have

  • Ethyca Fides

Good to Have

  • Eramba
  • OCI Data Safe

Option 2 (Enterprise Privacy Stack) – Mandatory Combination

Hands-on experience with one or more of the following:

  • OneTrust
  • BigID

Experience with equivalent enterprise privacy management platforms is also considered valuable.


Preferred Certifications

One or more of the following certifications is preferred:

  • Certified Information Privacy Professional (CIPP/E, CIPP/A, or equivalent)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • ISO/IEC 27701 Lead Implementer or Lead Auditor
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • Certified Information Systems Security Professional (CISSP)
  • Certified Data Privacy Solutions Engineer (CDPSE)
  • Equivalent industry-recognized Data Privacy or Information Security certifications
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*