Overview
Data Protection Officer Jobs in Riyadh, Saudi Arabia at MBC GROUP
Title: Data Protection Officer
Company: MBC GROUP
Location: Riyadh, Saudi Arabia
Key Responsibilities:
Regulatory Compliance & Governance:
Ensure full compliance with GDPR, Saudi PDPL, and other applicable data protection regulations.
Develop, implement, and maintain data protection policies and procedures.
Monitor changes in Saudi and other applicable data protection laws and advise the organization accordingly.
Data Protection Program Management:
Establish a comprehensive data protection framework, including privacy policies, data subject rights procedures, and incident response plans.
Conduct Data Protection Impact Assessments (DPIAs) for new projects and technologies.
Implement and oversee data classification and handling procedures.
Training & Awareness:
Conduct regular training sessions for employees on data protection best practices.
Promote a culture of data privacy awareness within the organization.
Data Subject Right Management:
Handle request from data subjects regarding access, correction, deletion, portability, and restriction of their personal data.
Ensure proper documentation and compliance with data subject rights under applicable laws.
Incident & Breach Management:
Develop and manage data breach response protocols.
Ensure timely reporting of data breaches to SDAIA, European Data Protection Authorities (DPAs), and other relevant bodies as required.
Liaison with Regulatory Authorities & Stakeholders:
Serve as the primary point of contact between the organization and SDAIA, as well as EU Data Protection Authorities where applicable.
Coordinate with legal, IT, and compliance teams to align data protection efforts.
Engage with third-party vendors to ensure compliance with data protection requirements under PDPL and GDPR.
Conduct regular audits to assess data protection measures and compliance with PDPL and GDPR.
Identify potential risks and implement necessary controls to mitigate them.
Prepare reports for senior management on data protection risks and compliance status.
Requirements & Core Competencies:
Education & Certification
Bachelor’s degree in computer science, Information Management, Law, IT, Cybersecurity, Compliance or a related field (master’s degree preferred).
CIPP/E or CDPO certification is required, DAMA (CDMP) preferred.
Technical & Domain Expertise
Minimum 5+ years of experience in data protection, compliance, or information security.
Proven experience implementing data governance frameworks (ideally DAMA) in a complex organization.
Demonstrable track record in data catalog implementation, data quality management, and metadata management.
Strong knowledge of cloud platforms (e.g., AWS, Azure, GCP) and data architecture concepts.
In-depth knowledge of KSA PDPL, SDAIA regulations, GDPR, and global data protection frameworks.
Project & Stakeholder Management
Solid project management skills with a history of leading cross-functional data governance programs.
Experience in defining, monitoring, and reporting on KPIs to measure program effectiveness.
Ability to work collaboratively across diverse departments and external vendors.
Soft Skills & Cultural Alignment
Experience working in Saudi Arabia or deep familiarity with the region’s cultural nuances.
Fluent Arabic speaker (preferred for effective communication within the organization and with external stakeholders).
Proficiency in English (required for alignment with global standards and teams).
Exceptional communication, interpersonal, and problem-solving skills.
Proven leadership capabilities, with the ability to influence and drive change in a matrixed environment.
Adaptable, flexible, agile, and energetic personality to manage fast-paced initiatives.
