Personal Data Protection Specialist

Company Overview

ExeQut is a consulting firm focused on delivering practical, business-aligned solutions. The company supports enterprise applications and portals, using a proprietary delivery approach designed to keep projects on schedule, avoid frequent design errors, and lower the long-term cost of ownership. Its style of work emphasizes clear communication, transparency, and close collaboration with clients throughout the full project lifecycle.

Role Summary

The organization is hiring a Personal Data Protection Officer to drive implementation of the Saudi Personal Data Protection Law (PDPL) and related regulations across the business. The role is responsible for ensuring that personal data is protected effectively and that the organization remains compliant with national and sector-specific requirements.

Key Responsibilities

• Own the personal data protection program and ensure alignment with the Saudi PDPL, its Implementing Regulations, and the Data Governance Policies and Data Management & Personal Data Protection Standards issued by SDAIA/NDMO.
• Create, maintain, and continuously update the Record of Processing Activities (RoPA), including inventories of data and mappings of how information moves between internal platforms and outside parties.
• Draft, refine, and manage privacy and data protection documents and processes covering data subject requests, retention schedules, data sharing, and personal data breach response.
• Work closely with IT, Information Security, Compliance, Legal, and business teams to build PDPL obligations into systems, contracts, projects, and change activities, while supporting privacy impact and risk assessments where needed.
• Prepare periodic updates for senior leadership covering compliance progress, major risks, incidents, and corrective action plans.
• Bring prior exposure to cross-border data transfer matters outside the Kingdom.

Qualifications and Experience

The position requires a bachelor’s degree in law, a Sharia degree with a law track, Information Systems, Computer Science, Cybersecurity, Data Management, or a closely related field. Candidates should have 4 to 7 years of relevant experience in data protection and privacy, data governance, information security, compliance, risk management, or internal audit, with demonstrated experience in Saudi or GCC settings. A strong understanding of the Saudi PDPL, its Implementing Regulations, and the SDAIA data management and personal data protection controls is expected, ideally backed by hands-on involvement in PDPL compliance or alignment work. The role also calls for the ability to write clear policies, procedures, and formal reports in both Arabic and English, as well as engage effectively with regulators and internal governance bodies.

Preferred Professional Certifications

Certifications are not required, but they are viewed positively. Helpful credentials include privacy and data protection certifications such as CIPP/E, CIPP/A, CIPM, CIPT, or equivalent recognized qualifications. In the information security and governance area, useful credentials include CISSP, CISM, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27701 training, or data management certifications such as CDMP.

Skills Required

The role benefits from a strong grasp of data management and governance principles, including classification, quality, and key national frameworks. Candidates should also understand information security and risk management practices and be comfortable working with both technical and non-technical stakeholders. Strong communication, persuasion, and awareness-building abilities are important for fostering a privacy-conscious culture across the organization.

Additional Information

This is a full-time onsite position based in Riyadh, Saudi Arabia.

About ExeQut

Join ExeQut and contribute to a collaborative team focused on maintaining data integrity and accessibility in support of business success.