Saudi Data Protection Officer (DPO) - Riyadh
Job description
“To comply with Saudi Arabian nationalization law, EY must hire nationals from Saudi Arabia for this role
EY's people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax and transaction advisory services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone's contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of MENA's top employers, EY continually strives to be a great place to work.
The opportunity
We are currently seeking a Saudi National at the rank of Assistant Director (manager) to take the role of Saudi Data Protection Officer as required by Saudi Personal Data Protection Law. The successful candidate would join our dynamic team of professionals within the Risk Management function to focus on the rapidly developing Saudi data protection legal framework and ensure all our own expanding Saudi member firm’s businesses are compliant. EY MENA’s Data Protection Team straddles our Risk Management and Legal Team and are responsible for the development, implementation and on-going monitoring of the firm’s data risk and regulatory compliance. As an integral part of the data protection team, this individual will be managing all the Saudi member firms’ data protection and become a technical subject matter expert in consulting with, and providing guidance to, our service line professionals. They will also support the wider regional team with their expertise across MENA’s developing and exciting data protection regulatory and confidentiality landscape. This individual will also serve as a role model by promoting and demonstrating our commitment to data protection, data privacy and risk management policies and processes within the organization.
Your key responsibilities
- Informing and advising us and our personnel with respect to our obligations under the Saudi Personal Data Protection Law and other regional data protection provisions
- Monitoring all EY Saudi firms’ compliance with the Saudi Personal Data Protection Law, the regulations of Ernst & Young Global Limited insofar as they relate to the protection of personal data and any other applicable policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of our staff, and conducting and/or arranging for internal audits as appropriate
- Working and cooperating with our designated supervisory authority and serving as the contact point for the supervisory authority on issues relating to the processing of personal data
- Being available to respond to inquiries from data subjects on issues relating to data protection practices and data subjects’ rights, including withdrawal of consent, the right to be forgotten, and related rights.
- Develop and deliver personal data protection training courses and presentations
- Assisting in the developing and monitoring of local procedures for personal data breach handling and being available as a first point of contact to assist with responding to any breaches of personal data, including assessing whether the data breach must be notified to supervisory authorities and/or data subjects
- Contribute to the development of data breach response plans and prepare periodic reports regarding EY activities related to the processing of personal data
- Keeping up-to-date your in-depth knowledge of the Saudi Personal Data Protection Law (and any other future variants), including guidance issued by supervisory authorities and relevant legal decisions that may impact our processing of personal data. You are responsible for arranging through EY any necessary subsequent training required under the law
- Notifying EY if you become aware of a conflict between your duties as Saudi DPO and any additional tasks and duties you fulfil or if those additional tasks and duties
- Lead on the completing and maintaining of ROPA (record of processing activities) for all EY Saudi business operations in line with retention policy
- Following up on regulatory documents issued by the competent authority related to the protection of personal data, including any amendments, and inform the relevant departments to ensure compliance
- Providing support and advice to those responsible for developing and operating modern technological systems to ensure compliance with the requirements of the Saudi Law and its Implementing Regulations
- Provide direct support and advice to EY KSA partners, briefing them of their responsibilities and ensuring they are compliant to their requirements as leaders of all our Saudi member firms
- Assist the EY MENA Region Data Protection team in the monitoring of data handling, client confidentiality, awareness campaigns and data breach response
- Assist the EY MENA Region DPO and Data Privacy Team in conducting privacy assessments and reviews, and implementation of data privacy regulations across the region. Cooperating with GCO and RM on relevant local, regional and global projects and initiatives
- Assist with preparation for, and coordination of, practice inspections by external regulators and EY’s Global Internal Audit team;
- Manage or participate in other risk management projects as required
- Other duties as assigned.
Skills and attributes for success
- Strong analytical, critical thinking and problem-solving skills with the ability to apply conceptual framework to new and unique situations
- Excellent IT, business writing, communication and presentation skills
- Ability to work in a busy, deadline driven environment and meet unexpected internal, regulatory or client demands
- Can work independently, showing initiative to handle multiple tasks simultaneously
- Honesty and integrity having not been convicted or involved in any dishonest incident or breach of trust
- A high level of confidence in dealing and briefing senior executives and challenging situations
To qualify for the role you must have
- 5+ years of experience in a data protection, data privacy or a legal function with data protection experience
- Have appropriate academic qualifications and experience in the field of Personal Data Protection
- Experience of operating in a large international or Saudi business in risk management, data protection, internal compliance or legal function
What we look for
Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. An effective communicator, you’ll be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.