
Data Protection & Privacy Officer

Lucidya
Full-time
On-site
Remote

The DPO acts as the central authority for privacy governance, balancing legal, operational, and technical controls across departments to safeguard customer and employee data. The role is operational and technical, focused on data protection, security, and governance.

Key Responsibilities

1. Governance & Oversight

  • Own and maintain the company-wide data privacy and protection framework.
  • Serve as the primary liaison between internal teams, auditors, and regulators on all privacy-related matters.
  • Develop, implement, and maintain privacy and security policies in alignment with ISO 27001, the NCA ECC/CCC, and the PDPL.
  • Work closely with Product & Engineering to ensure privacy and security by design are embedded into all products and workflows.
  • Track data flows across SaaS infrastructure, including cloud hosting, backups, and third-party integrations.
  • Define and enforce policies on data handling, sharing, and lifecycle management across all departments.
  • Maintain a data inventory, ensuring proper classification, access control, and retention practices.
  • Act as the point of contact for data subject rights requests (DSRs), including access, correction, and deletion requests.

2. Access Control & Data Handling

  • Design and enforce Role-Based Access Control (RBAC) to grant or restrict capabilities based on role and authority.
  • Ensure all data handling, storage, and transfers adhere to industry-accepted standards, encryption, and security best practices.
  • Oversee incident response and data breach management in coordination with IT Security and relevant stakeholders.

3. Third-Party Compliance

  • Lead the compliance review and approval process before licensing or integrating any third-party tools, vendors, or data processors.
  • Maintain a Third-Party Risk Register, tracking compliance obligations, data protection requirements, and mitigation actions.
  • Manage incident response and reporting for security or privacy breaches involving external vendors.

4. Training & Awareness

  • Design and deliver data privacy and security awareness programs for all employees and new hires.
  • Develop and administer role-specific training for teams that process or manage personal data (e.g., Product, Marketing, Customer Success).
  • Promote a culture of privacy across the organization through ongoing communication and engagement initiatives.

5. Continuous Improvement

  • Conduct periodic Privacy Impact Assessments (PIAs), risk assessments, and internal audits.
  • Continuously monitor and interpret local and international data protection regulations, including GDPR, PDPL, and related NCA frameworks.
  • Recommend and implement updates to privacy policies, security controls, and governance frameworks as regulations or technologies evolve.

Requirements

Qualifications & Skills:

  • Required:
    • Bachelor’s degree in Information Security, Computer Science, or a related field.
    • 4 years of experience in data privacy, security, or compliance.
    • Experience in auditing and handling incidents within a corporate environment.
    • Strong knowledge of the PDPL, GDPR, NCA Cybersecurity Controls, and ISO 27001.
    • Experience managing data protection policies, data inventories, and breach response.
    • Familiarity with SaaS environments and third-party/vendor risk.
  • Preferred:
    • Certifications such as CIPM, CISA, or ISO 27701 are a plus.