Data Protection & Privacy Manager

Cyntin Partners is a boutique management consulting firm specializing in strategy, cybersecurity, digital transformation, and marketing.

We deliver tailored, practical solutions through small, focused teams of experienced professionals who remain closely engaged with clients to ensure impactful results.

Valuing insight, speed, and substance, we assist organizations in solving complex challenges with clarity and precision.

Our client-first approach ensures every engagement is grounded in expertise and a commitment to measurable outcomes.

Cyntin is seeking a

to establish and lead a centralized

function, governing data quality, architecture, protection, and lifecycle management across the enterprise.

This role will own the design and implementation of data classification and protection frameworks, ensuring compliance with Saudi regulations and guidance, including

, while enabling trusted data usage for decision-making, operational resilience, and secure digital transformation.

This is a high-impact role requiring both

strategic ownership

and

hands-on operational execution

.

The successful candidate must be able to define governance frameworks while actively leading technical rollout, system configuration alignment, and enterprise-wide adoption of data protection controls.

– Define and institutionalize enterprise-wide

data sensitivity tiers

(Public, Internal, Confidential, Crown Jewels), including labeling schemas and handling rules aligned with regulatory and cybersecurity requirements.

– Develop, publish, and maintain enterprise-wide

data policies, standards, and procedures

covering data classification, privacy, retention, MDM, and CMDB governance.

– Lead implementation of

data protection controls

, including encryption, Data Loss Prevention (DLP), and Rights Management (RMS).

– Drive rollout of

data labeling, DLP, and encryption

across endpoints, collaboration tools, cloud environments, databases, and enterprise systems.

– Embed data classification and privacy requirements into

SDLC, system design, and business workflows

.

– Develop and maintain

data privacy policies

,

data retention schedules

, and

.

– Implement

consent management processes

(opt-in/opt-out) and manage workflows for

.

– Conduct assessments for

international data transfers

and ensure appropriate safeguards are in place.

– Embed

privacy-by-design

principles and lead

.

– Prepare for audits, maintain compliance readiness, and coordinate internal and external assessments.

– Collaborate cross-functionally with IT, cybersecurity, legal, and business units to ensure effective implementation and adoption.

– Develop reporting frameworks and dashboards to track

data protection maturity, risks, and compliance status

.

–

– Proven hands-on experience implementing and operating

DLP solutions in enterprise environments

, beyond policy definition.

– Strong practical experience with

, including:

.

Policy creation and configuration

.

Rule tuning and optimization

.

Incident management workflows

.

Reporting and monitoring

.

Rollout across endpoints, email, web, and cloud environments

–

deploying and managing

data classification and labeling frameworks

across structured and unstructured data.

– Ability to translate regulatory requirements into

technical controls, DLP policies, and operational processes

.

–

optimizing DLP systems to reduce false positives and improve usability without compromising security.

– Hands-on exposure to

encryption, rights management, data discovery, and endpoint data protection controls

.

–

working closely with technical teams and business stakeholders to ensure seamless adoption of data protection measures.

– Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field.

–

5–8 years of experience

in data governance, privacy, or data protection within large-scale or complex organizations.

– Proven experience building or contributing to

data governance and data protection frameworks

.

– Strong experience with

data classification, DLP, and privacy program implementation

.

– Familiarity with

data cataloging or governance tools

is a plus.

– Demonstrated experience with regulatory frameworks including

, and international standards such as

.

–

managing cross-functional initiatives across IT, security, legal, and business teams.

– Strong documentation, policy development, and governance structuring skills.

)

or

)

)

– ISO/IEC 27701 Lead Implementer or Lead Auditor

– Strategic and analytical thinking with strong problem-solving ability

– Strong execution mindset with the ability to move from strategy to implementation

– Excellent stakeholder management and communication skills

– Ability to translate complex regulatory and technical concepts into actionable business practices

– Collaborative leadership style with strong cross-functional alignment skills

– Detail-oriented with strong ownership and accountability

– Results-driven with a continuous improvement mindset