Data Protection & Privacy Officer

The DPO acts as the central authority for privacy governance, balancing legal, operational, and technical controls across departments to safeguard customer and employee data. (Operational & Technical – focused on data protection, security, and governance)

Key Responsibilities

1. Governance & Oversight

• Own and maintain the company-wide data privacy and protection framework.
• Serve as the primary liaison between internal teams, auditors, and regulators on all privacy-related matters.
• Develop, implement, and maintain privacy and security policies in alignment with ISO 27001, NCA ECC/CCC, and PDPL standards.
• Work closely with Product & Engineering to ensure privacy and security by design are embedded into all products and workflows.
• Track data flows across SaaS infrastructure, including cloud hosting, backups, and third-party integrations.
• Define and enforce policies on data handling, sharing, and lifecycle management across all departments.
• Maintain a data inventory, ensuring proper classification, access control, and retention practices.
• Act as the point of contact for data subject rights requests (DSRs), including access, correction, and deletion requests.

2. Access Control & Data Handling

• Design and enforce Role-Based Access Control (RBAC) to grant or restrict capabilities based on role and authority.
• Ensure all data handling, storage, and transfers adhere to industry-accepted standards, encryption, and security best practices.
• Oversee incident response and data breach management in coordination with IT Security and relevant stakeholders.
  

3. Third-Party Compliance

• Lead the compliance review and approval process before licensing or integrating any third-party tools, vendors, or data processors.
• Maintain a Third-Party Risk Register, tracking compliance obligations, data protection requirements, and mitigation actions.
• Manage incident response and reporting for security or privacy breaches involving external vendors.

4. Training & Awareness

• Design and deliver data privacy and security awareness programs for all employees and new hires.
• Develop and administer role-specific training for teams that process or manage personal data (e.g., Product, Marketing, Customer Success).
• Promote a culture of privacy across the organization through ongoing communication and engagement initiatives.

5. Continuous Improvement

• Conduct periodic Privacy Impact Assessments (PIAs), risk assessments, and internal audits.
• Continuously monitor and interpret local and international data protection regulations, including GDPR, PDPL, and related NCA frameworks.
• Recommend and implement updates to privacy policies, security controls, and governance frameworks as regulations or technologies evolve.

Requirements

Qualifications & Skills:

• Required:
• Bachelor’s degree in Information Security, Computer Science, or related field.
• 4 years of experience in data privacy, security, or compliance.
• Experience in auditing and handling incidents within a corporate environment.
• Strong knowledge of PDPL, GDPR, NCA Cybersecurity Controls, and ISO 27001.
• Experience managing data protection policies, data inventories, and breach response.
• Familiarity with SaaS environments and third-party/vendor risk.
• Certifications such as CIPM, CISA, or ISO 27701 are a plus.