Role Profile:

A dynamic, self-motivated and forward-thinking individual who can work independently and lead a team of professionals that are focused on controlling, managing and enforcing the relevant security protocols related to GDPR compliance and data protection throughout all relevant impacted areas of the Alshaya business.

The below Key Performance Areas include but are not limited to:

• Construct and implement the Data Protection Policy & Frameworks required, including all relevant policies and standards throughout the business
• Install the relevant monitoring of compliance within the regulations, including GDPR, and Company policies and guidelines with respect to data protection
• Provide recommendations on technical controls that support protection of sensitive/PII throughout data lifecycle.
• Review commercial agreements and contracts, including Data Processing agreements with data processors
• Manage escalated queries from all parts of the business, bringing them to resolution by developing effective solutions
• Continually develop, adapt and cascade a programme of staff awareness training to achieve compliance and foster a culture of data privacy within the organisation
• Develop communications strategy, in line with corporate strategy to engage with the key stakeholders
• Conduct risk assessments for high-risk processing in connection with GDPR requirements, including data security, security breach notifications, privacy by design, legitimate interest, purpose limitation and fair processing;
• Represent the company in dealing with Data Protection Commission Officers, including complaints and data breach notifications;
• Track and maintain a log of all incidents, complaints, data breaches and notifications, linking with the IS team to remedy with tangible solutions;
• Conduct GDPR Readiness assessments, assess information security measures with the support of the Operational Risk Management department and advice on remediation measures;
• Liaise regularly with DP authorities in each jurisdiction
• Ensure full knowledge of any future changes to any part of the regulations, making remedial actions to continue compliance
• Provide guidance for the IT Security activities in terms of procedures, policies, and management and reporting of incidents related to GDPR
• Assist/support in legal proceedings as needed

Knowledge:

Expert knowledge of Data Protection Laws and regulations, including updates and amendments.

Previous roll out and project management knowledge required.

Strong understanding of ICT Security.

Proven expert knowledge of data protection technologies and enterprise scale deployment.

Experience:

Minimum 3-5 years’ experience in the domain of data privacy / protection and actively contributed to GDPR Implementation projects

Skills:

Results oriented.

Relevant certifications an asset, such as Certified Information Privacy Professional (CIPP/US or CIPP/E, or equivalent), Certified Information Privacy Manager (CIPM), Certified Information Systems Security Professional (CISSP) OR Certified Information Security Manager (CISM).

Relevant certifications an asset, such as Certified Information Privacy Professional (CIPP/US or CIPP/E, or equivalent), Certified Information Privacy Manager (CIPM), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).

Quality & Service minded

Conceptual and analytical problem solver

Must have good people skills and the ability to interact and communicate effectively, orally and in  writing, across all levels.