Data Protection Officer / Privacy Lead, Riyadh, KSA - Contract position
Posted: 2 days ago
Job Description
Company Description

Xaid is a boutique consulting firm that specializes in assisting banks with their technology, business, and digital transformation programs. With experience supporting over 30 banks, our teams are well versed in systems such as Temenos Transact, BANCS, and Oracle FCUBS. We provide comprehensive services throughout the entire implementation lifecycle, including RFP stages, requirements management, vendor selection, PMO setup, integration management, testing, data migration, rollout execution, training, and end-to-end project management. Our expertise in core banking systems is complemented by our services in CRM, Digital Channels, Payments, Trade Finance, Treasury, Financial Crime, and other solutions.

Connect to your career with us!

We're looking for a DPO / Privacy Lead to be a foundational part of our EZ Bank based in Riyadh. The Data Protection Officer (DPO) is a key role within EZ Bank, responsible for overseeing the implementation of the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) and ensuring compliance with data privacy regulations. The DPO will lead the bank's efforts in safeguarding personal data, managing data protection strategies, and acting as the main point of contact for data privacy authorities and data subjects.

*This is a 6-month contract, onsite role in KSA*

Key Responsibilities

• Develop and implement the data privacy policies and procedures in compliance with KSA PDPL, the Implementing Regulation and SDAIA's guidelines.
• Advise on and monitor the processing of personal data to verify that data processing activities are conducted in compliance with applicable data protection laws and internal policies.
• Support in conducting assessments to monitor compliance and identify areas for improvement.
• Manage and facilitate responses to data subject requests, including access, rectification, erasure, and restriction of processing.
• Ensure that appropriate mechanisms are in place for data subjects to exercise their rights under the KSA PDPL.
• Maintain comprehensive records of data processing activities (RoPA), including the purposes of processing, data retention periods, and data sharing/processing arrangements.
• Conduct Data Protection Impact Assessments (DPIAs) for new projects, systems, and processes that involve the processing of personal data according to SDAIA guidelines.
• Identify and mitigate risks to data subjects' rights and ensure that DPIA recommendations are implemented.
• Operationalize privacy policies and procedures and ensure their consistent implementation.
• Document, analyse and respond to data privacy incidents or breaches, ensuring timely reporting to regulatory authorities (SAMA and SDAIA) and affected data subjects as required.
• Investigate incidents and work with relevant teams to implement corrective actions and prevent future occurrences.
• Develop and deliver training programs to educate employees on data protection and privacy requirements.
• Develop and maintain appropriate communications and training to promote and educate all employees, including senior management, regarding privacy compliance and the consequences of noncompliance.
• Serve as the main point of contact for SDAIA and other regulatory bodies.
• Collaborate with internal stakeholders, including legal, IT, compliance, cybersecurity and risk management teams, to ensure coordinated data protection efforts.
• Conduct audits to ensure compliance and address potential privacy issues.
• Prepare and submit reports to senior management and regulatory authorities as required.

For the role of Data Protection Officer / Privacy Lead, you also need to have:

Education:
o Bachelor's degree in law or information security, or a related field.
o A master's degree or professional certifications (e.g. FIP, CIPP/E, CIPM, etc.) are a plus.

Experience:
o Minimum of 5 years of experience in data protection, privacy compliance, or a related field, preferably within the financial, legal, or technology sectors.
o Demonstrated experience in developing and implementing data protection policies and procedures.

Knowledge:
o In-depth understanding of KSA PDPL, GDPR, and other relevant data protection regulations.
o Familiarity with data protection principles, privacy impact assessments, and information security practices.

Skills:
o Strong analytical skills to assess data protection risks and recommend mitigation measures.
o Excellent communication and interpersonal skills to effectively liaise with internal and external stakeholders.
o Proficient in managing data breach incidents and conducting investigations.
o Native Arabic speaker in order to communicate smoothly with EZ Bank internal and external stakeholders.

Personal Attributes:
o High ethical standards and integrity, with a strong commitment to protecting personal data.
o Detail-oriented, with strong organizational and time management skills.
o Ability to work independently and collaboratively in a fast-paced environment.

What you will get

• The opportunity to define and influence the privacy posture of one of the most ambitious banking ventures in the Kingdom.
• A culture of transparency, learning, and innovation, where your impact will be visible and meaningful.