Aramco energizes the world economy.
Aramco occupies a unique position in the global energy industry. We are the world’s largest producer of hydrocarbons (oil and gas), with the lowest upstream carbon intensity of any major producer.
With our significant investment in technology and infrastructure, we strive to maximize the value of the energy we produce for the world along with a commitment to enhance Aramco’s value to society.
Headquartered in the Kingdom of Saudi Arabia, and with offices around the world, we combine market discipline with a generations’ spanning view of the future, born of our nine decades experience as responsible stewards of the Kingdom’s vast hydrocarbon resources. This responsibility has driven us to deliver significant societal and economic benefits to not just the Kingdom, but also to a vast number of communities, economies, and countries that rely on the vital and reliable energy that we supply.
We are one of the most profitable companies in the world, as well as amongst the top five global companies by market capitalization.
We are seeking a Data Privacy Specialist to join the Corporate Data Office within our Digital Transformation Admin Area.
The Corporate Data Office is responsible for establishing and executing world-class Corporate-wide data governance to ensure all data assets are proactively and efficiently governed and managed across Saudi Aramco, to foster a data driven organization and promote data value realization in line with its strategic goals. This office also supports the organization to process personal data in a compliant manner, adequately protect personal data and remain transparent in the manner in which personal data is processed, whilst also ensuring it is compliant with global and local privacy laws and regulations e.g. GDPR and PDPL.
The Data Privacy Specialist role will be primarily responsible for supporting, guiding and directing the privacy and data protection compliance of personal data across the organization. This will involve communicating, supporting privacy compliance activities as per existing internal data privacy policies, standards, procedures and best practices, as well as monitoring and evaluating the organization’s adherence to these standards and guidelines. In addition to supporting the Head of Data Privacy and the Personal Data Protection Officer, the role holder will work closely with various teams, including business areas, corporate functions, legal, IT, Information Security and compliance, to ensure that data privacy and protection requirements are met.
Duties & Responsibilities
- Establish and govern an enterprise Data Privacy Compliance Program and Implementation Plan
- Establish and rollout an enterprise wide data privacy framework and operating model, with a focus on areas processing high risk personal data and/or sensitive personal data
- Outline and support activities to comply with internal data privacy policies and procedures, in order to comply with relevant privacy and data protection regulations and industry best practices
- Provide Privacy guidance, training and promote greater privacy awareness across the organization. Educate staff on applicable data privacy regulations and law, internal privacy policies, procedures and best practices.
- Establish a record of personal data processing activities (RoPAs) and mapping. Create data flow maps to understand the lineage and lifecycle of high-risk personal data within the organization
- Work with Procurement and Third-Party Risk Management teams to ensure adequacy of assessment, evaluation and monitoring of third-party vendors that hand personal data, in terms of their data handling practices, security and contracts, to ensure they comply with privacy and data protection requirements
- Support incident response and breach management process. Work with information security teams to ensure adequacy of incident response plan to handle data breaches or privacy incidents effectively. Coordinate with internal stakeholders and regulatory authorities as required
- Support business areas and corporate functions in reviewing and updating all relevant Privacy Notices or statements where relevant
- Conduct internal privacy audits and assessments to identify gaps and areas for improvement. Recommend and implement corrective actions as needed
- In conjunction with the DPO, Legal, Information Security, IT and other stakeholders, provide regular progress reports to the relevant Stakeholders
Education & Experience Requirements
- Bachelor’s degree in a relevant field (e.g. Computer Science, Information Systems, Law, or a related discipline). Certifications in privacy and data protection (e.g. CIPP, CIPT, CIPM) are highly preferred
- At least ten (10) years of experience working for major global organizations, with broad data experience, including at least five (5) years specifically part of a Privacy Compliance Program and/or Privacy Office
- In-depth, subject matter expert knowledge of global data protection regulations and standards (e.g. GDPR, CCPA) as well as the new PDPL coming into effect within the Kingdom of Saudi Arabia
- Strong understanding of privacy and security frameworks, principles and best practices
- Strong understanding of data privacy policies, procedures and guidelines
- Extensive experience working within a Privacy Office for a large global organization
- Experience with supporting incident response and breach management process
- Should have extensive experience handing data subject requests
- Familiarity with data classification, data flows / mapping and personal data inventory methodologies, including records of processing activities capture
- Analytical mindset with the ability to assess privacy risks and develop practical solutions
- Strong attention to detail and the ability to work independently as well as in a team
- Knowledge of privacy compliance tools and technologies, including data anonymization tools.
Our high-performing employees are drawn by the challenging and rewarding professional, technical and industrial opportunities we offer, and are remunerated accordingly.
At Aramco, our people work on truly world-scale projects, supported by investment in capital and technology that is second to none. And because, as a global energy company, we are faced with addressing some of the world’s biggest technical, logistical and environmental challenges, we invest heavily in talent development.
We have a proud history of educating and training our workforce over many decades. Employees at all levels are encouraged to improve their sector-specific knowledge and competencies through our workforce development programs – one of the largest in the world.