Personal Data Protection Officer

ASMO is a groundbreaking joint venture between DHL and Saudi Aramco. Inheriting DHL’s logistics excellence and Saudi Aramco’s extensive supply chain ecosystem, we are here to set a new benchmark and redefine the procurement and supply chain landscape, enabling growth. ASMO aims to be operational in 2025 and provide reliable end-to end integrated procurement and supply chain services for companies across the industrial, energy, chemical, and petrochemical sectors. Our focus customers in the short term will be Saudi Aramco and its Affiliates. In the long term, all the industrial sectors within Saudi Arabia aim to reach the MENA region.

Objective:

Personal Data Protection Officer to support our compliance with the Saudi Personal Data Protection Law (PDPL), SDAIA guidelines, and other global data privacy standards. The role involves hands-on execution of privacy operations, including DPIAs, risk assessments, data subject requests, and privacy monitoring across the organization.

General Responsibilities:

• Conduct Data Protection Impact Assessments (DPIAs) for projects, systems, and processes involving personal data.
• Perform Privacy Risk Assessments to identify, evaluate, and mitigate risks in data processing activities.
• Manage Data Subject Requests (DSRs), including access, correction, deletion, and withdrawal of consent, within regulatory timelines.
• Monitor and document consents to ensure lawful processing of personal and sensitive data.
• Maintain and update Records of Processing Activities (RoPA) across departments.
• Assist in vendor and third-party privacy assessments, ensuring compliance with Data Processing Agreements (DPAs).
• Support incident and breach investigations, including documentation, impact analysis, and regulatory reporting when required.
• Conduct compliance checks and audits of personal data processing practices.
• Collaborate with IT, Legal, and Business teams to embed privacy requirements into systems and workflows.
• Prepare compliance reports and dashboards for management and regulators (e.g., SDAIA).
• Support privacy awareness and training programs to strengthen organizational compliance culture.
• Develop, maintain, and enhance privacy-related policies, processes, and procedures in alignment with regulatory requirements (implicit in RoPA, DSRs, DPIAs, etc.).
• Provide regular updates and insights to senior management on privacy risks, compliance status, and key performance metrics to support informed decision-making.

Qualifications:

• Bachelor’s degree in Information Security, Law, Compliance, IT, or related fields is required.
• Certified Data Privacy Solutions Engineer (CDPSE) preferred.
• Demonstrated proficiency in oral and written English.
• 5 years of experience in data privacy, compliance, risk management, or information security.