Head of Data Protection & Privacy

About the Job
noon, the region's leading consumer commerce platform, is seeking a Head of Data Protection in Saudi Arabia. This role focuses on building and implementing a comprehensive data protection program to ensure we meet regional and global data privacy requirements and exceed expectations. We are looking for a candidate with a strong foundation in data privacy, risk management, and technical experience to collaborate with various departments to drive a data-centric privacy strategy.

Responsibilities:

• Develop and implement a comprehensive data privacy framework and procedures, including policies, consent management, data subject access requests (DSAR), and incident management.
• Own the data protection requirements related to SDAIA’s PDPL and other regional regulations, managing and implementing key controls across our group of companies.
• Establish metrics and reporting mechanisms to measure compliance, privacy posture, and provide analyses to senior management.
• Conduct Data Protection Impact Assessments (DPIAs) and lead data privacy risk management activities, including vendor reviews and identifying remediation for gaps.
• Lead regional KSA data protection initiatives, serving as the main point of contact for the privacy program.
• Oversee the design and implementation of data protection aspects of the Vendor Risk Assessment program, collaborating with vendors on privacy measures.
• Communicate audit and assessment results to stakeholders, ensuring quality documentation of project deliverables.
• Monitor compliance with data protection policies and maintain internal service level agreements (SLAs).
• Develop and maintain data privacy policies, documentation, FAQs, and procedures for data subjects' rights.

Qualifications:

• A minimum of a bachelor's degree or equivalent experience in Computer Science, Law, or a related field.
• Certifications such as CISSP or data privacy certifications are preferred.
• Extensive experience in data privacy and protection with a strong understanding of global privacy laws and regulations.
• At least 5 years of experience managing data protection and privacy framework requirements (e.g., GDPR, CCPA, ISO 27701).
• Proven experience conducting DPIAs and implementing privacy by design principles.
• Strong understanding of regional data protection standards and regulations.
• Experience managing end-to-end data protection projects, including defining and improving privacy processes.
• Preferred experience in information security, data protection implementation, and data governance.

Who Will Excel?
At noon, we value resourceful doers—thinkers who are both creative and analytical. Our ideal candidate will thrive in a fast-paced, multi-tasked, high-energy, and often ambiguous environment. If these values resonate with you, noon might be the place for you.