Data Protection & Privacy Officer

The DPO acts as the central authority for privacy governance, balancing legal, operational, and technical controls across departments to safeguard customer and employee data. (Operational & Technical – focused on data protection, security, and governance) Key Responsibilities 1. Governance & Oversight Own and maintain the company-wide data privacy and protection framework. Serve as the primary liaison between internal teams, auditors, and regulators on all privacy-related matters. Develop, implement, and maintain privacy and security policies in alignment with ISO 27001, NCA ECC/CCC, and PDPL standards. Work closely with Product & Engineering to ensure privacy and security by design are embedded into all products and workflows. Track data flows across Saa S infrastructure, including cloud hosting, backups, and third-party integrations. Define and enforce policies on data handling, sharing, and lifecycle management across all departments. Maintain a data inventory, ensuring proper classification, access control, and retention practices. Act as the point of contact for data subject rights requests (DSRs), including access, correction, and deletion requests. 2. Access Control & Data Handling Design and enforce Role-Based Access Control (RBAC) to grant or restrict capabilities based on role and authority. Ensure all data handling, storage, and transfers adhere to industry-accepted standards, encryption, and security best practices. Oversee incident response and data breach management in coordination with IT Security and relevant stakeholders. 3. Third-Party Compliance Lead the compliance review and approval process before licensing or integrating any third-party tools, vendors, or data processors. Maintain a Third-Party Risk Register, tracking compliance obligations, data protection requirements, and mitigation actions. Manage incident response and reporting for security or privacy breaches involving external vendors. 4. Training & Awareness Design and deliver data privacy and security awareness programs for all employees and new hires. Develop and administer role-specific training for teams that process or manage personal data (e.g., Product, Marketing, Customer Success). Promote a culture of privacy across the organization through ongoing communication and engagement initiatives. 5. Continuous Improvement Conduct periodic Privacy Impact Assessments (PIAs), risk assessments, and internal audits. Continuously monitor and interpret local and international data protection regulations, including GDPR, PDPL, and related NCA frameworks. Recommend and implement updates to privacy policies, security controls, and governance frameworks as regulations or technologies evolve. Qualifications & Skills: Bachelor’s degree in Information Security, Computer Science, or related field. 4 years of experience in data privacy, security, or compliance. Experience in auditing and handling incidents within a corporate environment. Strong knowledge of PDPL, GDPR, NCA Cybersecurity Controls, and ISO 27001. Experience managing data protection policies, data inventories, and breach response. Familiarity with Saa S environments and third-party/vendor risk. Certifications such as CIPM, CISA, or ISO 27701 are a plus. #J-18808-Ljbffr