Data Protection & Privacy Manager

About This Role

Company Description

Cyntin Partners is a boutique management consulting firm specializing in strategy, cybersecurity, digital transformation, and marketing. We deliver tailored, practical solutions through small, focused teams of experienced professionals who remain closely engaged with clients to ensure impactful results. Valuing insight, speed, and substance, we assist organizations in solving complex challenges with clarity and precision. Our client-first approach ensures every engagement is grounded in expertise and a commitment to measurable outcomes.

Position Overview

Cyntin is seeking a  Data Protection & Privacy Manager  to establish and lead a centralized  Data Privacy & Protection  function, governing data quality, architecture, protection, and lifecycle management across the enterprise.

This role will own the design and implementation of data classification and protection frameworks, ensuring compliance with Saudi regulations and guidance, including  PDPL, NCA, and NDMO , while enabling trusted data usage for decision-making, operational resilience, and secure digital transformation.

This is a high-impact role requiring both  strategic ownership  and  hands-on operational execution . The successful candidate must be able to define governance frameworks while actively leading technical rollout, system configuration alignment, and enterprise-wide adoption of data protection controls.

Key Responsibilities

–  Define and institutionalize enterprise-wide  data sensitivity tiers  (Public, Internal, Confidential, Crown Jewels), including labeling schemas and handling rules aligned with regulatory and cybersecurity requirements.

–  Develop, publish, and maintain enterprise-wide  data policies, standards, and procedures  covering data classification, privacy, retention, MDM, and CMDB governance.

–  Lead implementation of  data protection controls , including encryption, Data Loss Prevention (DLP), and Rights Management (RMS).

–  Drive rollout of  data labeling, DLP, and encryption  across endpoints, collaboration tools, cloud environments, databases, and enterprise systems.

–  Embed data classification and privacy requirements into  SDLC, system design, and business workflows .

–  Develop and maintain  data privacy policies ,  data retention schedules , and  Records of Processing Activities (ROPA) .

–  Implement  consent management processes  (opt-in/opt-out) and manage workflows for  Data Subject Rights requests .

–  Conduct assessments for  international data transfers  and ensure appropriate safeguards are in place.

–  Embed  privacy-by-design  principles and lead  Privacy-Driven Impact Assessments (PDIA) .

–  Prepare for audits, maintain compliance readiness, and coordinate internal and external assessments.

–  Collaborate cross-functionally with IT, cybersecurity, legal, and business units to ensure effective implementation and adoption.

–  Develop reporting frameworks and dashboards to track  data protection maturity, risks, and compliance status .

–  

Operational / Hands-On Requirements

–  Proven hands-on experience implementing and operating  DLP solutions in enterprise environments , beyond policy definition.

–  Strong practical experience with  Forcepoint DLP / Forcepoint Data Security , including:

.    Policy creation and configuration

.    Rule tuning and optimization

.    Incident management workflows

.    Reporting and monitoring

.    Rollout across endpoints, email, web, and cloud environments

–  Experience deploying and managing  data classification and labeling frameworks  across structured and unstructured data.

–  Ability to translate regulatory requirements into  technical controls, DLP policies, and operational processes .

–  Experience optimizing DLP systems to reduce false positives and improve usability without compromising security.

–  Hands-on exposure to  encryption, rights management, data discovery, and endpoint data protection controls .

–  Experience working closely with technical teams and business stakeholders to ensure seamless adoption of data protection measures.

Qualifications & Experience

–  Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field.

–   5–8 years of experience  in data governance, privacy, or data protection within large-scale or complex organizations.

–  Proven experience building or contributing to  data governance and data protection frameworks .

–  Strong experience with  data classification, DLP, and privacy program implementation .

–  Familiarity with  data cataloging or governance tools  is a plus.

–  Demonstrated experience with regulatory frameworks including  Saudi PDPL, SDAIA, NDMO, NCA ECC/DCC , and international standards such as  GDPR .

–  Experience managing cross-functional initiatives across IT, security, legal, and business teams.

–  Strong documentation, policy development, and governance structuring skills.

Preferred Certifications

–  Certified Information Privacy Manager ( CIPM )

–  Certified Information Privacy Professional ( CIPP/E  or  CIPP/GCC )

–  Certified Data Privacy Solutions Engineer ( CDPSE )

–  ISO/IEC 27701 Lead Implementer or Lead Auditor

Key Competencies

–  Strategic and analytical thinking with strong problem-solving ability

–  Strong execution mindset with the ability to move from strategy to implementation

–  Excellent stakeholder management and communication skills

–  Ability to translate complex regulatory and technical concepts into actionable business practices

–  Collaborative leadership style with strong cross-functional alignment skills

–  Detail-oriented with strong ownership and accountability

–  Results-driven with a continuous improvement mindset