Data Protection Officer (DPO)

• Guarantee organizational adherence to relevant data protection laws and regulations.

• Monitor changes in privacy laws and promptly update policies and procedures to align with the evolving legal landscape.

• Prepare and regularly review Data Privacy policies and procedures to ensure compliance with legal, regulatory, and organizational updates.

• Assist in the development and implementation of the Data Privacy strategy, integrating it into the broader Information Security strategy of the organization.

• Conduct privacy impact assessments for new projects, processes, or technologies involving personal data.

• Identify and document the types of personal data processed, establish the purposes of processing, and classify data based on sensitivity. Implement appropriate protection measures accordingly.

• Manage and respond to data subject access requests and inquiries related to privacy concerns.

• Provide training to employees on data protection practices and foster privacy awareness within the organization.

• Collaborate with other departments to ensure a holistic approach to data protection, fostering a culture of compliance throughout the organization.

• Support reporting authorities in implementing procedural control measures identified through audits, risk assessments, compliance reviews, etc.

• As the go-to person for data protection, the DPO ensures that data management policies align with security and compliance requirements.

• Oversee the development, implementation, and enforcement of information/data classification policies, ensuring comprehensive coverage in SOP/Baseline documents.

• Perform internal privacy audits and assessments to identify gaps and areas for improvement. Recommend and implement corrective actions as needed.

• Work with Procurement and Third-Party Risk Management teams to ensure adequacy of assessment, evaluation, and monitoring of third-party vendors that handling personal data, in terms of their data handling practices, security and contracts, to ensure they comply with privacy and data protection requirements.

• Undertake any other related duty assigned by the HOD Information Security.

• Knowledge and understanding of common data protection management frameworks & best practices.

• Ability to assess privacy impact, classify data, and establish protective measures based on sensitivity.

• Comprehensive understanding of Data Privacy strategy and its alignment with broader Information Security goals.

• Strong analytical, communication, collaboration, problem-solving, documentation and leadership Skills to convey complex data protection concepts to diverse audiences, both internal and external.

• Bachelor’s degree in a technology/engineering/information security related field required.

• Minimum 6 to 7 years of hands-on experience in Data & information security in a large enterprise environment.

• Competitive salary

• Fuel Card

• Health benefits

• Professional development opportunities

• Inclusive work culture & much more

Pakistan Single Window