Send resumes with job title in subject line on zafar@dunetechco.com
Position Title:
- Senior Consultant (Data Privacy & Data Classification)
- Consultant (Data Privacy & Data Classification)
No of Position: 2 (1 Senior Consultant with 15+ Yrs Exp, 1 Consultant with 10+ Yrs Exp)
Location: Riyadh
JOB PURPOSE:
Establish framework for “Personal Data Protection” and “Data Classification” domains. Manages and develops privacy strategy, roadmap and implementation plan that aligns with the bank’s goals and objectives related to “Personal Data Protection” and “Data Classification” domains.
Key Accountabilities
Perform assessments
To evaluate the current state of the Personal Data Protection environment.
Impact assessment/s of the potential damages due to an unauthorized access to all its identified datasets and artifacts.
To identify “public” category data
Create Data Management and Personal Data Protection Strategy and Plan, the Entity shall create a Personal Data Support in delivery of enterprise-wide Data Protection & Privacy program and provide guidance on global standards and best practices.
Create a Data Classification Plan to manage and orchestrate bank’s Data Classification activities
Develop prioritization list based on the classification level of “data sets” and “artifacts” for the organization.
Identify and inventory all datasets and artifacts owned by the Bank as part of the Data Classification Implementation process
Oversee that policies, processes, guidelines and standards related to Data Protection & Privacy (Such as: Consent Management, Data Subject Rights Management, Data Localization, Personal Data Access, Sharing and Transfer, Personal Data Breach Handling, etc.) are communicated and enforced throughout the organization.
Develop material and conduct the Personal Data Protection training for every employee to promote a Personal Data Protection-centric culture in accordance with the Entity-specific and national privacy regulations. Liaise and respond to the Data Protection Authority of KSA for regulatory queries and audits.
Develop and document breach management procedures to directly manage and address the privacy violations and to set the functions and responsibilities for the affected work team, covering
Process for conducting incident review by the Data Controller with the Regulatory Authority
Development of response mechanism based on incident reported by the Data Controller and / or Data Processor
Implementing processes to perform permanent corrective actions when issued by the Regulatory Authority
Developing testing of the implemented corrective actions to validate personal data protection solution(s).
QUALIFICATIONS, EXPERIENCE, & SKILLS:
Minimum Qualifications:
Bachelor’s degree in computer science, cyber-security or relate areas.
Minimum Experience:
10-15+ years of experience in field of Data Privacy & Protection.
Job-Specific Skills: Mandatory
Experience in the field of Data privacy, Data Protection and Data classification domains.
Experience in working in support group responsible to monitoring compliance and managing regulatory compliance.
Understanding of privacy protection Risks, data privacy related processes and policies.
Advanced knowledge in Personal Data Protection regulations, such as:
Data Classification, Risk Assessment,
Risk Register and Data Confidentiality
Data Integrity and Data Availability Preferable
Certification in Privacy Management
NDMO Data Governance Interim Regulation
NDMO Data Management Standards
SAMA Cybersecurity Framework and NCA regulations
GDPR