Data Protection Officer (DPO)

Karachi, Pakistan

Guarantee organizational adherence to relevant data protection laws and regulations
Monitor changes in privacy laws and promptly update policies and procedures to align with the evolving legal landscape
Prepare and regularly review Data Privacy policies and procedures to ensure compliance with legal, regulatory, and organizational updates
Assist in the development and implementation of the Data Privacy strategy, integrating it into the broader Information Security strategy of the organization
Conduct privacy impact assessments for new projects, processes, or technologies involving personal data
Identify and document the types of personal data processed, establish the purposes of processing, and classify data based on sensitivity. Implement appropriate protection measures accordingly
Manage and respond to data subject access requests and inquiries related to privacy concerns
Provide training to employees on data protection practices and foster privacy awareness within the organization
Collaborate with other departments to ensure a holistic approach to data protection, fostering a culture of compliance throughout the organization
Support reporting authorities in implementing procedural control measures identified through audits, risk assessments, compliance reviews, etc
As the go-to person for data protection, the DPO ensures that data management policies align with security and compliance requirements
Oversee the development, implementation, and enforcement of information/data classification policies, ensuring comprehensive coverage in SOP/Baseline documents
Perform internal privacy audits and assessments to identify gaps and areas for improvement. Recommend and implement corrective actions as needed
Work with Procurement and Third-Party Risk Management teams to ensure adequacy of assessment, evaluation, and monitoring of third-party vendors that handling personal data, in terms of their data handling practices, security and contracts, to ensure they comply with privacy and data protection requirements
Undertake any other related duty assigned by the HOD Information Security

Requirements

Knowledge and understanding of common data protection management frameworks & best practices
Ability to assess privacy impact, classify data, and establish protective measures based on sensitivity
Comprehensive understanding of Data Privacy strategy and its alignment with broader Information Security goals
Strong analytical, communication, collaboration, problem-solving, documentation and leadership Skills to convey complex data protection concepts to diverse audiences, both internal and external
Bachelor's degree in a technology/engineering/information security related field required
Minimum 6 to 7 years of hands-on experience in Data & information security in a large enterprise environment

Benefits