Personal Data Protection Specialist

Company Overview

ExeQut is consulting done right. We are a trusted vendor for enterprise apps and portals, and our proprietary development process enables us to deliver on time, avoid common design mistakes, and reduce the total life-cycle cost of ownership. At ExeQut, we prioritize understanding core business issues and developing solutions that add immediate value. Transparency and communication are the cornerstones of our approach. Our projects are partnerships, ensuring that clients are involved in every step of the journey, from inception to completion.

Role summary

Seeking a Personal Data Protection Officer to lead the implementation of the Saudi Personal Data Protection Law PDPL and related regulations across the organization, ensuring robust protection of individuals' personal data and ongoing compliance with national and sectoral requirements.

Key responsibilities:

• Lead the personal data protection program and oversee compliance with the Saudi PDPL, its Implementing Regulations, and national Data Governance Policies and Data Management & Personal Data Protection Standards issued by SDAIA/NDMO.
• Establish and maintain a comprehensive record of processing activities, RoPA, including data inventories and data flows between internal systems and external parties.
• Develop, review, and maintain privacy and data protection policies and procedures, including data subject rights, data retention, data sharing, and personal data breach management.
• Coordinate with IT, Information Security, Compliance, Legal, and Business units to embed PDPL requirements into systems, contracts, projects, and change initiatives, and support privacy impact and risk assessments DPIA when required.
• Prepare and present regular reports to senior management on compliance status, key risks, incidents, and remediation plans.
• experience with data transfer outside the Kingdom.

Qualifications and experience

• Bachelor's degree in law, Sharia with law track, Information Systems, Computer Science, Cybersecurity, Data Management, or a related discipline.
• 4–7 years of relevant experience in one or more of the following domains
• data protection and privacy, data governance, information security, compliance, risk management, or internal audit, with proven exposure to Saudi or GCC environments.
• Solid working knowledge of the Saudi PDPL, its Implementing Regulations, and the national Data Management and Personal Data Protection Controls issued by SDAIA, preferably with hands-on experience in a PDPL compliance or alignment project.
• Strong ability to draft policies, procedures, and formal reports in both Arabic and English and to interact with regulators and internal governance committees.

Preferred professional certifications

• Certifications are not mandatory, but are considered a strong plus
• Privacy and data protection
• CIPP/E, CIPP/A, CIPM, CIPT, or equivalent recognized privacy certifications.
• Information security and governance
• CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, ISO 27701 training, or data management certifications such as CDMP.

Skills Required

• Good understanding of data management and data governance concepts, including data classification, data quality, and key national frameworks.
• Familiarity with information security and risk management practices, and the ability to collaborate with technical and non-technical stakeholders.
• Excellent communication, influencing, and awareness-building skills with the ability to promote a culture of personal data protection across the organization.

Additional Information

• Role Type: Full-Time
• Location: Onsite

Join ExeQut and be part of a dynamic team ensuring data integrity and accessibility for business success!