Data Protection Manager

Description

Key Responsibilities

• Develop, implement, and continuously enhance the organization’s data protection framework at a group level, including policies and procedures, and ensuring alignment with PDPL, GDPR, and other relevant global regulations.
• Lead the data privacy governance program, ensuring cross-functional alignment with legal, IT security, compliance, risk management, and business units.
• Drive data protection by design and by default, embedding privacy considerations into business processes, products, and services.
• Oversee the data governance framework, ensuring robust policies for data classification, retention, minimization, deletion, and archiving in accordance with legal and business requirements.
• Establish privacy and data ethics standards to govern the responsible use of personal data.
• Ensure organization-wide compliance with PDPL, addressing new regulatory developments and industry best practices.
• Develop and maintain compliance monitoring mechanisms, conducting regular audits, risk assessments, and gap analyses to identify and mitigate privacy risks.
• Monitor and enforce compliance with data localization requirements, ensuring personal data is processed and stored according to PDPL mandates.
• Develop strategies for ensuring compliance with cross-border data transfers, working closely with legal teams to establish appropriate safeguards.
• Oversee the data subject rights management process, ensuring timely and compliant handling.
• Manage privacy complaints and inquiries, ensuring appropriate investigation, resolution, and reporting.
• Lead the data breach response program, developing robust incident response plans, forensic investigations, and remediation strategies.
• Ensure timely notification to SDAIA and affected individuals in case of a data breach, complying with legal and regulatory requirements.
• Serve as the primary point of contact with SDAIA and other regulatory authorities, managing audits, inquiries, and compliance reporting.
• Build and maintain strong relationships with internal and external stakeholders, including regulators, auditors, legal advisors, and industry bodies.
• Keep abreast of legislative changes and enforcement actions, providing strategic guidance to senior management on regulatory developments.
• Participate in industry working groups and professional forums, influencing the evolution of data protection policies and best practices.
• Design and implement organization-wide privacy training and awareness programs, ensuring employees understand their roles and responsibilities in data protection.
• Develop tailored training for key departments (e.g., IT, HR, Marketing, Legal) to address specific privacy risks and compliance obligations.
• Foster a culture of accountability by promoting privacy awareness at all levels of the organization, from executives to operational teams.
• Conduct privacy maturity assessments, measuring the effectiveness of training programs and privacy initiatives.

Skills, Knowledge and Expertise

• Extensive knowledge of the Saudi PDPL and other relevant data protection frameworks (e.g., GDPR, NDMO regulations, ISO 27701, NIST Privacy Framework).
• 10+ years of experience in data protection, privacy governance, compliance, or risk management, preferably in regulated industries such as finance, healthcare, telecommunications, or technology.
• Demonstrated ability to lead enterprise-wide privacy initiatives, collaborating with cross-functional teams and senior leadership.
• Strong experience in regulatory engagement, managing audits, inquiries, and compliance reporting to authorities.
• Expertise in handling data breaches, incident response, and privacy risk mitigation strategies.
• Recognized privacy certifications such as CIPP/E, CIPM, CIPT, FIP, or equivalent data protection qualifications.
• Strong analytical and problem-solving skills, with the ability to navigate complex regulatory landscapes.
• Excellent leadership, communication, and stakeholder management skills, capable of influencing senior executives.
• Proficiency in privacy-enhancing technologies, data security frameworks, and privacy engineering principles.
• Proficiency in Arabic and English is required for effective communication with regulators and stakeholders.

Benefits

• We are an international team of inspired professionals located all over the globe.
• We have an inclusive company culture, embracing diversity, integrity and transparency. We strive for work-life balance and cherish the moments you spend with your loved ones, off-work. In the same spirit as for our product, we are caring and nurturing for our employees.
• Our people are granted 100% trust and freedom to apply their own vision and come up with their ideas from day 1 at Tabby. You are the one who takes responsibility for your area of work. We encourage everyone to think and make decisions like Tabby was their own business, well because it is. Our employee stock options programme is available for everyone.
• You will have an opportunity to learn and grow in one of the fastest growing fintech companies in the region.
• We offer you relocation support as well as we guide you through all the process.
• We’ll set you up with the devices required for your work.

About Tabby