Personal Data Protection Specialist📣 إعلان

About ExeQut and the Role

ExeQut is a consulting firm specializing in enterprise applications and portals, known for its proprietary development process that ensures timely delivery, avoidance of common design issues, and reduced total cost of ownership. The company emphasizes understanding core business challenges and delivering solutions that provide immediate value, with transparency and communication as foundational principles. Projects are approached as partnerships, involving clients at every stage. ExeQut is seeking a Personal Data Protection Officer to lead the implementation of the Saudi Personal Data Protection Law (PDPL) and related regulations across the organization, ensuring robust protection of personal data and ongoing compliance with national and sectoral requirements.

Key Responsibilities

• Lead the personal data protection program and oversee compliance with the Saudi PDPL, its Implementing Regulations, and national Data Governance Policies and Data Management & Personal Data Protection Standards issued by SDAIA/NDMO.
• Establish and maintain a comprehensive record of processing activities (RoPA), including data inventories and data flows between internal systems and external parties.
• Develop, review, and maintain privacy and data protection policies and procedures, covering data subject rights, data retention, data sharing, and personal data breach management.
• Coordinate with IT, Information Security, Compliance, Legal, and Business units to integrate PDPL requirements into systems, contracts, projects, and change initiatives.
• Support privacy impact and risk assessments (DPIA) when required.
• Prepare and present regular reports to senior management on compliance status, key risks, incidents, and remediation plans.
• Manage data transfers outside the Kingdom.

Qualifications and Experience

• Bachelor's degree in Law, Sharia with a law track, Information Systems, Computer Science, Cybersecurity, Data Management, or a related discipline.
• 4–7 years of relevant experience in data protection and privacy, data governance, information security, compliance, risk management, or internal audit.
• Proven exposure to Saudi or GCC environments.
• Solid working knowledge of the Saudi PDPL, its Implementing Regulations, and the national Data Management and Personal Data Protection Controls issued by SDAIA.
• Hands-on experience in a PDPL compliance or alignment project is preferred.
• Strong ability to draft policies, procedures, and formal reports in both Arabic and English.
• Ability to interact with regulators and internal governance committees.

Preferred Professional Certifications

While not mandatory, the following certifications are considered a strong advantage:

• Privacy and Data Protection: CIPP/E, CIPP/A, CIPM, CIPT, or equivalent recognized privacy certifications.
• Information Security and Governance: CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, ISO 27001 training, or data management certifications such as CDMP.

Required Skills

• Good understanding of data management and data governance concepts, including data classification, data quality, and key national frameworks.
• Familiarity with information security and risk management practices.
• Ability to collaborate effectively with technical and non-technical stakeholders.
• Excellent communication, influencing, and awareness-building skills.
• Capacity to promote a culture of personal data protection across the organization.

Work Location and Type

This is a full-time, onsite position located in Riyadh.