Data Privacy Lead Consultant | Financial Services

Capco is a leading global technology and management consultancy that excels in driving digital transformation within the financial services and insurance sectors. With an unwavering commitment to delivering practical solutions, we empower our clients to navigate the complexities of today's fast-paced market. Our integrated services span across major financial hubs worldwide, ensuring that we are always close to our clients and their needs.

At Capco, we possess not only the expertise but also the vision and passion necessary to lead transformative change. As we embark on an exciting growth journey, this is the perfect moment to join our team. We are expanding geographically, increasing our workforce, and poised to disrupt the consulting landscape across APAC with our entrepreneurial spirit and agile methodologies.

The Role

We are seeking a highly skilled and experienced Data Privacy Lead Consultant to join our data security team that guides clients through complex data protection landscapes, particularly with PDPL and NDMO compliance. The candidate should have strong knowledge and experience in developing privacy frameworks that align with regulatory standards. You will play a critical role in advising and supporting our clients to process personal data in a compliant manner, adequately protect personal data and remain transparent in the way personal data is processed, whilst also ensuring it is compliant with local privacy laws and regulations. You will work closely with cross-functional teams to assess, design, and implement data management governance frameworks that ensure the quality, integrity, and security of data across the organization.

Duties & Responsibilities

• Develop, implement, and maintain robust Data privacy and protection per NDMO, NCA, and ISO 27701 standards.
• Help clients with create records of all processing activities of the company. Maintain RoPAs and mapping. Support creation of data flow maps to understand the lineage and lifecycle of high-risk personal data within the organization
• Establish and rollout an enterprise-wide data privacy framework and operating model, with a focus on areas processing high risk personal data and/or sensitive personal data
• Outline and support activities to comply with internal data privacy policies and procedures, to comply with relevant privacy and data protection regulations and industry best practices
• Conduct internal privacy audits and assessments to identify gaps and areas for improvement. Recommend and implement corrective actions as needed
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with the organization's key stakeholders
• Ensure that client policies are in compliance with codes of practice such as PDPL (Personal Data Protection Law).
• Inform and advise the data controller or data processor on all matters related to data protection
• Work with Procurement and Third-Party Risk Management teams to ensure adequacy of assessment, evaluation and monitoring of third-party vendors that hand personal data
• Support business areas and corporate functions in reviewing and updating all relevant Privacy Notices or statements where relevant
• Advise on ongoing maintenance and maturity of the organisations data subject rights request
• Promote greater privacy awareness across the organization and a culture of data protection and compliance
• Provide Privacy guidance, training and educate staff on applicable data privacy regulations and law, internal privacy policies, procedures and best practices.
• Work with information security teams to ensure adequacy of incident response plan to handle data breaches or privacy incidents effectively.
• Collaborate with business units, IT teams, and other stakeholders to define data governance and protection roles and responsibilities.

The candidate must have:

• Proven experience as a Data Privacy Lead Consultant or in a similar role.
• Proficient in various regulatory frameworks (ISO 27001,27005,22301,31000,27701,NCA ,SAMA,NIST and PCI DSS)
• Proven experience in implementing personal data protection with a strong understanding of the relevant regulatory frameworks.
• Strong knowledge of information security and protection (classification, and data privacy)
• Familiarity with data regulations and compliance standards and framework locally (e.g., PDPL, NDMO) and globally (GDPR, CCPA, NIST)
• Ability to work independently and collaboratively in a client-facing role.
• Excellent communication and interpersonal skills.

Preferably, the candidate will also have:

• Knowledge of data governance best practices, data quality management, data modelling.
• CDMP and CIPP Certified
• Hands-on experience in data governance or data quality tools (e.g., Informatica, Talend, and Collibra).
• Arabic speaker.