Data Protection Manager

As a Data Protection Manager, you will play a pivotal role in shaping and driving the Tabby's data protection strategy, ensuring compliance with the Saudi Personal Data Protection Law (PDPL) and international privacy frameworks. 


You will lead data governance initiatives, oversee risk management, and work closely with senior stakeholders to embed a culture of data protection and privacy across the organization. This role requires a proactive leader with deep regulatory expertise, strong strategic vision, and the ability to navigate complex data protection challenges in a dynamic environment.


Key Responsibilities

• Leverage a strong legal background to interpret data protection laws, provide regulatory guidance, and support compliance initiatives across the organization.
• Develop, implement, and continuously enhance the organization's data protection framework at a group level, including policies and procedures, and ensuring alignment with PDPL, GDPR, and other relevant global regulations.
• Lead the data privacy governance program, ensuring cross-functional alignment with legal, IT security, compliance, risk management, and business units.
• Drive data protection by design and by default, embedding privacy considerations into business processes, products, and services.
• Oversee the data governance framework, ensuring robust policies for data classification, retention, minimization, deletion, and archiving in accordance with legal and business requirements.
• Establish privacy and data ethics standards to govern the responsible use of personal data.
• Ensure organisation-wide compliance with PDPL, addressing new regulatory developments and industry best practices.
• Develop and maintain compliance monitoring mechanisms, conducting regular audits, risk assessments, and gap analyzes to identify and mitigate privacy risks.
• Monitor and enforce compliance with data localization requirements, ensuring personal data is processed and stored according to PDPL mandates.
• Develop strategies for ensuring compliance with cross-border data transfers, working closely with legal teams to establish appropriate safeguards.
• Oversee the data subject rights management process, ensuring timely and compliant handling.
• Manage privacy complaints and inquiries, ensuring appropriate investigation, resolution, and reporting.
• Lead the data breach response program, developing robust incident response plans, forensic investigations, and remediation strategies.
• Ensure timely notification to SDAIA and affected individuals in case of a data breach, complying with legal and regulatory requirements.
• Serve as the primary point of contact with SDAIA and other regulatory authorities, managing audits, inquiries, and compliance reporting.
• Build and maintain strong relationships with internal and external stakeholders, including regulators, auditors, legal advisors, and industry bodies.
• Keep abreast of legislative changes and enforcement actions, providing strategic guidance to senior management on regulatory developments.
• Participate in industry working groups and professional forums, influencing the evolution of data protection policies and best practices.
• Design and implement organization-wide privacy training and awareness programs, ensuring employees understand their roles and responsibilities in data protection.
• Develop tailored training for key departments (e.g., IT, HR, Marketing, Legal) to address specific privacy risks and compliance obligations.
• Foster a culture of accountability by promoting privacy awareness at all levels of the organization, from executives to operational teams.
• Conduct privacy maturity assessments, measuring the effectiveness of training programs and privacy initiatives.

Skills, Knowledge and Expertise

• A degree in law is required.  
• Extensive knowledge of the Saudi PDPL and other relevant data protection frameworks (eg, GDPR, NDMO regulations, ISO 27701, NIST Privacy Framework).
• Experience in data protection, privacy governance, compliance, or risk management, preferably in regulated industries such as finance, healthcare, telecommunications, or technology.
• Demonstrated ability to lead enterprise-wide privacy initiatives, collaborating with cross-functional teams and senior leadership.
• Strong experience in regulatory engagement, managing audits, inquiries, and compliance reporting to authorities (SAMA). 
• Expertise in handling data breaches, incident response, and privacy risk mitigation strategies.
• Recognized privacy certifications such as CIPP/E, CIPM, CIPT, FIP, or equivalent data protection qualifications would be ideal.
• Strong analytical and problem-solving skills, with the ability to navigate complex regulatory landscapes.
• Excellent leadership, communication, and stakeholder management skills, capable of influencing senior executives.
• Proficiency in privacy-enhancing technologies, data security frameworks, and privacy engineering principles.
• Proficiency in Arabic and English is required for effective communication with regulators and stakeholders.

Benefits

• We are an international team of inspired professionals located all over the globe.
• We have an inclusive company culture, embracing diversity, integrity and transparency. We strive for work-life balance and cherish the moments you spend with your loved ones, off-work. In the same spirit as for our product, we are caring and nurturing for our employees.
• Our people are granted 100% trust and freedom to apply their own vision and come up with their ideas from day 1 at Tabby. You are the one who takes responsibility for your area of ​​work. We encourage everyone to think and make decisions like Tabby was their own business, well because it is. Our employee stock options program is available for everyone. 
• You will have an opportunity to learn and grow in one of the fastest growing fintech companies in the region.
• We offer you relocation support as well as we guide you through all the process.
• We'll set you up with the devices required for your work.