D360 Bank Circular Logo

Senior Manager - Privacy & Protection (DPO)

D360 Bank Riyadh, Saudi Arabia Posted: 10 Jul 2024


  • Estimate: $90k - $120k*
  • Zero income tax location


  • Visa Provided


  • Experience: Senior
  • English: Professional
  • Arabic: Fluent


About the job:
The Data Privacy Manager establishes the necessary Data Privacy Frameworks to drive the data privacy programs over the organization's practices ensuring that the handling, management, and processing of data adheres to privacy policies, standards, and regulatory requirements.


  • Oversee D360’s RoPA register and ensure that all processing activities are captured.
  • Oversee the data mapping exercise and quality check the data flows maps for accuracy.
  • Provide inputs into suitable data retention requirements for personal data, and ensure retention periods are applied and followed across D360.
  • Assess and validate security controls captured during the RoPA exercise and ensure they maintain the confidentiality, integrity, and availability of personal data across the bank.
  • Manage and oversee customer and employee consent requests and ensure they are fulfilled in line with the KSA PDPL.
  • Ensure appropriate legal basis for processing personal data is recorded as part of the RoPA activity.
  • Ensure compliance of cookies is maintained.
  • Oversee Data Subject Requests and ensure they are resolved in line with KSA PDPL.
  • Continuously review personal data breach management policies and monitor for personal data breaches to ensure associated risks are managed and notifications to the relevant regulator made.
  • Development of a Data Privacy related Risk Appetite statement.
  • Support and provide input on completing Data Privacy Impact Assessments (DPIA) for high-risk processing activities.
  • Monitor and maintain a third party list where personal data is being shared outside of D360.
  • Review existing contracts with third parties to identify the involvement of personal data processing and ensure the data privacy clause is embedded in the contracts aligned with the applicable jurisdictional privacy regulations.
  • Ensure that the contracts which involve the processing of personal data include provisions governing that processing and, where applicable, provisions ensuring appropriate safeguards when Personal Data is transferred out of any jurisdiction(s).
  • Identify and drive mitigation plans for the privacy-related risks stemming from the use of third parties.
  • Lead the data sharing mandate under NDMO for D360 and report directly to DPO on the initiatives, compliance with NDMO standard, awareness campaigns, and risks associated with publishing open data.
  • Conduct the Data Sharing training for every employee involved in the Data Sharing initiatives to ensure that they understand their obligations, responsibilities, and the consequences of an unauthorized disclosure or mishandling of data.
  • Develop and enforce a Data Sharing Process and Data Sharing Agreement.
  • Define and follow an Internal Data Sharing agreement template to be used when data is shared within D360.
  • Review all ongoing Data Sharing agreements on a regular basis to accommodate for any changes.
  • Enforce, incorporate, and comply with all necessary controls and related information security (EIS) policies, procedures, practices, training, reporting, personal due diligence, and vigilance, within departmental/unit activities and operations.


Preferred Qualifications

  • A tertiary-level qualification from an internationally recognized institution
  • Industry-recognized certifications in CIPP, DAMA, CDPSE (Certified Data Privacy Solutions Engineer), or CGEIT (Certified Governance of Enterprise IT)

Years & Nature of Experience:

  • Would have 8 to 10 years of equivalent experience in the data privacy management field.
  • Extensive Knowledge of KSA Personal Data Protection Law, particularly in consent, data subject rights, and sharing data across jurisdictions.
  • Experience in data mapping and classification to identify the types of data collected, processed, and shared.

Technical Competencies:

  • Data Security and Protection
  • Data Architecture
  • Data Management
  • Data Engineering
  • Data Resiliency
  • Regulatory Compliance

Behavioural Competencies:

  • Well-Spoken & Presentable
  • Adaptability
  • Analytical thinking
  • Complex Reasoning
  • Trust and Transparency

Key Interactions:

  • Internal Information Security Function
  • Data Management Function
  • Risk Management Function
  • Compliance Function
  • IT Function
  • Legal Function
  • Internal Audit

About The Team:
Embarking on a journey with the D360 Bank Risk Management team grants you a remarkable opportunity to steer our triumphs and fortify our future. As a valued member, you will assume a pivotal role in owning and orchestrating our enterprise-wide risk policy framework and strategies. Your expertise will encompass identifying, evaluating, and mitigating risks entwined with D360's diverse activities. Joining our esteemed risk management team means actively shaping the forefront of pioneering risk management techniques and state-of-the-art technologies. We firmly believe in embracing innovation to elevate our risk management prowess and fuel enduring progress.

About the company:
D360 Bank is a shariah-compliant digital bank that aims to provide the best financial experience in the Kingdom. Our Vision: To reinvent finance through innovation & technology making it convenient, accessible & fair to all.

Apply now

Jobs you might like   View all jobs

About D360 Bank

D360 Bank is a shariah-compliant digital bank that aims to provide the best financial experience in the Kingdom.