Data Protection Officer

Job Summary

Studies Personal Data schemes and the applicable privacy laws and regulations like SAMA, NDMO, SDAIA, and GDPR. Analyzes privacy risks. Develops and oversees the implementation of an organization’s privacy and data protection compliance program and internal policies. Supports organizational response to a privacy or data protection incident.

Assist in overseeing and mitigating emerging cyber security risks which may impact Wataniya’s business. Also, will ensure that the security operations are aligned with the implemented policies, standards and procedure and hence aligned with the business objectives. He/ She will maintain the brand and security posture of Wataniya by providing innovative recommendations to resolve critical cyber security issues.

Job Responsibilities

1.Conduct Privacy Impact Assessments (PIAs) to ensure that Personally Identifiable Information (PII) is appropriately protected.

2.Work with:

others on policies, processes and procedures relating to cybersecurity and privacy.

the organization's Stakeholders, legal advisers , Human Capital, Management, and relevant third parties to ensure that all services comply with privacy and data security requirements.

legal and HR teams to develop appropriate sanctions for failure to comply with the organization's privacy policies and procedures.

Chief Information Security Officer, legal counsel, and senior management to manage privacy incidents and breaches in accordance with legal and regulatory requirements.

3.Ensure :

that appropriate controls are in place to effectively mitigate risk and address privacy concerns during a risk assessment process.

that privacy training and awareness activities are delivered on a regular basis.

compliance with privacy practices across the organization.

that the use of technologies maintains and does not erode, privacy protections on use, collection and disclosure of personal information.

all complaints concerning the organization's privacy policies and related documentation are addressed in a timely manner by appropriate resource.

that privacy compliance monitoring activities are carried out on an ongoing basis.

that appropriate technologies are used to maintain compliance with privacy requirements.

4.Provide:

leadership in the planning, design and evaluation of privacy and cybersecurity related projects.

development guidance and assistance relating to the organization's information privacy policies and procedures.

5.Develop :

and document procedures for reporting self-disclosures of any evidence of privacy violations.

training materials and other communications to increase employees understanding of company privacy policies, data handling practices and legal obligations.

and manage procedures for vetting and auditing vendors for compliance with appropriate privacy, data security, legislative and regulatory requirements.

strategic plans with senior management to ensure that personal information is processed accordance with applicable privacy requirements.

and maintain enterprise-wide procedures to ensure that new products and services are developed in accordance with organizational privacy policies and legal obligations.

6.Serve as the information privacy liaison for users of technology systems, reporting breaches to senior management.

7.Report on a periodic basis regarding the status of the privacy program to senior management and other responsible individuals or committees.

8.Resolve allegations of noncompliance with organizational privacy policies or notice of information practices in a timely manner.

9.Establish:

and maintain a risk management and compliance framework for privacy.

and maintain an internal privacy audit program.

And Manage company participation in public events related to privacy and data security.

10.Periodically review and update the privacy program to incorporate changes in laws, regulations or organizational policy.

11.Review:

all cybersecurity plans to ensure alignment between cybersecurity and privacy practices.

the organization's data and privacy projects to ensure that they are compliant with the organization's privacy and data security policies.

12.Identify and remediate areas where the organization is not fully compliant with privacy requirements.

13.Follow and implement AML/CFT, Cyber security, Anti-fraud, policies and procedures and company`s code of conduct and be aware of the need to comply with the laws, regulations.

Job Qualifications

Educational Background and Certifications:

Maters / Bachelor degree in Information Security / Information Technology.

Experience:

IT and Information Security Governance, Risk, Compliance, and Audit.

Skills and Abilities

Bilingual (Arabic and English)

Effective Communication Skills.

Applying cybersecurity and privacy principles to organizational requirements.

Job Competencies

Behavioral Competencies: (are observable and measurable behaviors, knowledge, skills, abilities, and other characteristics that contribute to individual success in the organization.)

1. Effective Communication Skills and interpersonal skills.

2. Teamwork and Cooperation.

3. Adaptability.

4. Stress Management.

5. Networking.

6. Steadiness.

Technical Competencies: (is the ability to perform the activities within an occupation to a defined standard, consistently and over time.)

The Ability to:

1. develop strategy, policy and related documentation to support business strategy and maintain compliance with legislative, regulatory and contractual obligations.
2. Develop, update and maintain cybersecurity related documentation.
3. select appropriate mitigation techniques within the organization's goals and policies.
4. apply cybersecurity and privacy principles to organizational requirements.
5. work across departments and business units to ensure an organization's privacy and cybersecurity objectives are aligned.
6. determine whether a cybersecurity incident violates a privacy principle or law which would require specific legal action.
7. author an appropriate privacy disclosure statement based on current laws.

Knowledge of:

1. network components, their operation and appropriate network security controls and methods.
2. Understanding of risk assessment, mitigation and management methods.
3. relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.
4. the likely operational impact on an organization of cybersecurity breaches. Knowledge of business practices within organizations.

5.the national cybersecurity regulations and requirements relevant to the organization.