Job Title
Senior Data Privacy & Compliance Specialist

Location
Riyadh, Kingdom of Saudi Arabia
Company
IoT Squared
Job Overview
IoT Squared is seeking a highly skilled Data Privacy & Compliance Specialist to support the organization in ensuring full compliance with Saudi data protection regulations and international cybersecurity standards. The role focuses on data governance, privacy risk management, policy development, and implementation of technical and organizational safeguards across enterprise systems.
Key Responsibilities
Data Mapping & Inventory
Identify, document, and maintain an inventory of personal and sensitive data collected, processed, transmitted, and stored across all systems and platforms.
Maintain data flow diagrams and records of processing activities (RoPA).
Privacy Risk Assessment
Conduct privacy risk and impact assessments (PIA/DPIA) for existing and new systems, products, and services.
Evaluate data handling practices against applicable regulations and identify compliance gaps.
Policy Review & Development
Develop, review, and update privacy-related policies, including data protection, data retention, consent management, and incident/breach response procedures.
Ensure policies are aligned with Saudi regulations and industry best practices.
Implementation of Safeguards
Implement organizational and technical controls such as access control, data minimization, encryption, secure disposal, and monitoring mechanisms.
Collaborate with IT and security teams to embed privacy-by-design and privacy-by-default principles.
Training & Awareness
Design and deliver privacy and data protection awareness programs for employees and stakeholders.
Promote a strong data protection culture across the organization.
Compliance Reporting & Documentation
Prepare compliance documentation, reports, and evidence to support internal audits, regulatory inspections, and external assessments.
Act as a point of contact for privacy-related regulatory inquiries.
Regulatory & Standards Expertise
Hands-on experience with Saudi data regulations, including:
Personal Data Protection Law (PDPL)
National Data Management Office (NDMO) frameworks
Strong knowledge of cybersecurity and information security standards, including:
ISO/IEC 27001
NCA Essential Cybersecurity Controls (ECC)
Qualifications & Skills
Bachelor’s degree in Information Security, Computer Science, Law, or a related field.
Proven experience in data privacy, data protection, or compliance roles.
Strong understanding of data governance, risk management, and cybersecurity controls.
Excellent analytical, documentation, and stakeholder communication skills.
Experience working within the Saudi regulatory environment is highly preferred.

Regulatory & Standards References

Saudi Personal Data Protection Law (PDPL) – SDAIA

National Data Management Office (NDMO)

Saudi National Cybersecurity Authority – ECC