Data Privacy & Compliance Consultant – PDPL, GDPR, Data Governance

Data Privacy & Compliance Consultant – PDPL, GDPR, Data Governance
Location: Cairo , Egypt
Reporting to: Director – Data Privacy & Cyber Governance
Company: Saudi Cybersecurity & Compliance Consultancy

Role Summary

We are seeking a Senior Data Privacy & Compliance Consultant with extensive experience in Saudi PDPL, GDPR, and enterprise Data Governance engagements. The consultant will lead privacy assessments, implementation programs, data mapping exercises, DPIAs, documentation development, and compliance readiness across entities regulated by SAMA, NCA, MCIT, and other Saudi authorities.

This role requires advanced consulting skills, strong documentation abilities, and the ability to interact with senior stakeholders. The candidate will support pre-sales, negotiations, solution design, delivery execution, and post-sales advisory, with potential performance-based bonuses tied to sales contribution.

Core Responsibilities

• Lead PDPL compliance assessments across governance, operational, and technical domains.
• Conduct data mapping, maintain records of processing activities, and document end-to-end data flows.
• Execute DPIAs and privacy risk assessments.
• Develop PDPL and GDPR-compliant documentation including privacy policies, consent management processes, privacy notices, data retention schedules, and data subject rights procedures.
• Review third-party contracts, DPAs, and cross-border transfer mechanisms for compliance.
• Support implementation of privacy controls, privacy-by-design practices, and remediation plans.

Client-Facing & Commercial Responsibilities

• Lead privacy engagements, manage timelines, and oversee stakeholder communications.
• Conduct workshops, interviews, and governance sessions.
• Provide regulatory advisory on PDPL, GDPR, and global privacy frameworks.
• Prepare clients for audits, inspections, and regulatory submissions.
• Support pre-sales activities, proposal writing, solution design, and client demonstrations.
• Assist in identifying upsell opportunities including extended PDPL implementation, privacy GRC tooling, training sessions, and DPIA services.

Post-Sales & Implementation

• Guide clients in implementing PDPL controls, operationalizing compliance, and developing privacy frameworks.
• Establish and document Data Subject Rights (DSR) workflows.
• Support deployment of privacy technologies (DLP, discovery, monitoring) where needed.
• Track remediation progress, validate evidence, and prepare closure files.
• Review documentation produced by junior analysts and ensure alignment with regulatory expectations.
• Contribute to internal templates, methodology refinement, and privacy playbooks.

Key Deliverables

• Gap analyses and privacy risk reports (PDPL & GDPR).
• Governance documentation including policies, SOPs, and retention schedules.
• Remediation roadmaps and data governance frameworks.
• Technical outputs such as data maps, DSR workflows, DPIA reports, and cross-border transfer assessments.
• Executive-level presentations, compliance dashboards, and maturity assessments.

Qualifications & Experience

• Strong experience with Saudi PDPL (mandatory) and GDPR.
• Knowledge of data governance methodologies, DPIAs, records of processing activities, and privacy risk methodologies.
• Understanding of cybersecurity, GRC, and enterprise IT architecture.
• 6–12+ years in privacy, cybersecurity, governance, or risk.
• Mandatory client-facing consulting experience.
• Preferred experience in banking, fintech, telecom, and other critical sectors.

Preferred Certifications:

• CDPSE (ISACA)
• CIPP/E, CIPM, CIPT
• ISO 27701 Lead Implementer / Lead Auditor
• ISO 27001 LI/LA (advantage)
• Privacy engineering or DPO certifications (preferred)

Skills & Competencies

• Strong regulatory knowledge of PDPL and GDPR.
• Excellent analytical skills for interpreting privacy risks and regulatory gaps.
• High-level documentation and executive communication skills.
• Ability to engage with C-level executives and legal teams.
• Structured, professional, and client-oriented consulting mindset.
• Ability to support solution selling and negotiations.

Engagement Model & Expectations

• Lead multiple privacy and governance engagements concurrently.
• Maintain quality standards aligned with global consulting firms.
• Support both sales and delivery streams.
• Serve as a trusted advisor to client-side legal, risk, compliance, and cybersecurity teams.
• Operate independently in a fully remote environment with high discipline.