Data Privacy and Protection Officer

Job Title: Data Privacy and Protection Officer

The Data Protection Officer (DPO) will oversee the bank’s compliance with data privacy regulations such as QCB guidelines, NCSA directives, and global standards.

They will ensure personal and sensitive data is processed lawfully, securely, and transparently across all systems and third parties.

The DPO will manage data subject rights, breach handling, and cross-border data transfer governance.

They will embed privacy by design into digital transformation and new product initiatives.

The role includes monitoring internal policies, conducting DPIAs, and maintaining privacy records (RoPA).

Above all, the DPO will act as the custodian of trust, protecting the bank from regulatory, legal, and reputational risks.

• Ensure daily compliance with QCB, NCSA, and global data protection regulations.
• Oversee data subject requests (access, correction, deletion) and ensure timely responses.
• Lead privacy breach response processes, including investigation, impact assessment, and regulatory notification.
• Conduct and approve Data Protection Impact Assessments (DPIAs) for all high-risk processing activities.
• Maintain and update Records of Processing Activities (RoPA) and related privacy documentation.
• Perform internal audits and support external regulatory reviews and assessments.
• Assess third-party vendors for data privacy and protection compliance during onboarding and renewals.
• Conduct regular training and awareness programs to strengthen privacy and security culture.
• Monitor data flows across systems to ensure proper classification, encryption, and access controls.
• Enforce privacy-by-design and privacy-by-default practices in system development and business processes.

Ensure protection of personal and sensitive data at rest and in transit through technical security controls.

• Continuously review data handling practices to prevent unauthorized access, data leaks, or loss.
• Collaborate with Security Architecture and SOC teams to align data protection with cybersecurity posture.
• Oversee legal safeguards for international data transfers and ensure compliance with cross-border data laws.
• Maintain full documentation of privacy and security controls to support audit readiness and demonstrate accountability.

• Analytical skills. The DPO must thoroughly assess data processing activities, privacy risks, and compliance gaps across systems, vendors, and business units. They must analyze patterns in data handling to identify areas vulnerable to misuse or regulatory exposure.
• Detail oriented. Because data privacy breaches can originate from minor oversights, the DPO must maintain high attention to detail when reviewing contracts, data flows, DPIAs, and regulatory obligations.
• Ingenuity. The DPO must anticipate privacy risks and evolving regulatory trends, designing proactive governance models and embedding privacy into the organization’s culture, systems, and third-party relationships.
• Problem-solving skills. The DPO must resolve complex data handling issues, balance business needs with legal requirements, and respond swiftly to breaches or data subject complaints with minimal business disruption.

• University degree with specialization in Cybersecurity or IT or Computer Science
• Technical
  
  Certifications:
  
  Offensive Security Professional certifications / Any SANS Certifications such as OSCP, OSCE, GCIH, GPEN, GNFA
• Domain
  
  Certifications:
  
  CIPM/CIPE/CIPP (mandatory)

• Minimum 8-10 years of security & privacy experience of which a minimum of 2-3 years should be in a similar position / responsibility.

Skills:

cipe,global standards,data flows,cipp,qcb,dpias,ropa,cipm,ncsa directives,dpo,ncsa