Head of Data Protection & Privacy, noon KSA

About noon

noon, the region's leading consumer commerce platform. On December 12th, 2017, noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. noon is a work in progress; were six years in, but only 5% done.

noons mission: Ring every doorbell, everyday.

We are looking for a Head of Security, KSA to focus on building a security assurance program that enables our companies to meet regional/global regulatory and compliance requirements and far beyond.

We are excited to have someone join the team with broad compliance, risk, and technical experience. This role will acquire and nurture collaborations with Legal, Internal Audit, the broader Infosec department, and other Engineering functions to drive a data-centric security assurance strategy that leverages engineering principles to address compliance.

Candidate (required): Saudi National

Department: Information Security

Reporting to: Group Vice President of Information Security, CISO

What you'll do:

Team noon has some of the fastest, smartest, and hardest-working people we've encountered. With a young, aggressive, and talented team, we're driving major missions forward.

We are looking for a Head of Data Protection in Saudi Arabia to focus on building and implementing a comprehensive data protection program that ensures our companies meet regional and global data privacy requirements and go far beyond.

We are excited to have someone join the team with broad data privacy, risk management, and technical experience. This role will acquire and nurture collaborations with Compliance, Legal, Internal Audit, the broader Infosec department, and other Engineering functions to drive a data-centric privacy strategy that leverages engineering principles to address data protection challenges.

Responsibilities:

• Develop and implement a comprehensive data privacy framework and processes (e.g., TOM, policies & procedures, Consent Management, DSAR requests, Data Privacy incident management, etc.).
• Own all aspects of data protection requirements, including the management and implementation of key controls for SDAIAs PDPL and other regional data privacy regulations across our group of companies.
• Establish metrics and regular reporting mechanisms for measuring data protection compliance, privacy posture, and provide analysis to the Group CISO and senior management.
• Conduct Data Protection Impact Assessments (DPIAs) and lead data privacy risk management activities, including risk assessments, vendor reviews, and remediation of identified gaps and issues.
• Lead regional KSA data protection initiatives and serve as the main POC and escalation point for the regional privacy program in relation to process or project-related functions and operational support.
• Oversee the design and implementation of the Data Protection aspects of the Vendor Risk Assessment program and liaise with outside vendors/suppliers regarding privacy measures.
• Effectively write and communicate data protection audit, assessment, or compliance results, findings, and recommendations to stakeholders while ensuring high-quality and proper documentation of project deliverables.
• Monitor compliance with data protection policies and maintain internal SLAs across the organization.
• Develop and maintain data privacy policies and compliance content, including privacy documentation, privacy FAQs, and data subject rights procedures.

What youll need

• Holds a minimum of a bachelor's degree or equivalent experience in Computer Science, Law, or related field, and holds certifications such as CISSP, data privacy certifications, or equivalent.
• Extensive working experience in data privacy and protection, with a strong understanding of global privacy laws and regulations
• Experience in interpretation and practical application of data privacy laws, particularly SDAIA PDPL and other relevant regional regulations
• Must have at least 5 years of experience in managing data protection and privacy framework requirements (e.g., GDPR, CCPA, ISO 27701, SDAIA data privacy framework)
• Proven experience in conducting Data Protection Impact Assessments and implementing privacy by design principles
• Strong understanding of regional data protection standards and regulations
• Experience driving data protection projects end-to-end independently, including evaluating, defining, and improving privacy processes
• Experience with information security in one or more of the following is preferred: data protection implementation, privacy-enhancing technologies, and data governance

Who will excel

noon isnt for everyone. And thats okay. This is one of our core operating principles.

We're looking for resourceful doers. Thinkers who are both creative and analytical. Problem solvers who are enthusiastic about delivering results. Our ideal candidate will be comfortable in a fast-paced, multi-tasked, high-energy and often ambiguous environment.

If the above values resonate with you, then noon might be the place for you.