Data Protection Officer

GlobeMed Group, the largest Healthcare Benefits Management company in the MENA region is looking for a Data Protection Officer who will ensure that the company fully complies with the data protection regulations and the applicable data protection laws. The DPO is responsible for monitoring data handling practices, assessing compliance with legal and internal requirements, managing data protection risks, and acting as the primary liaison with regulatory authorities regarding data protection matters. The DPO also advises management on strategic data governance, privacy risks, and ethical data use across the organization.

The DPO performs duties independently and without conflict of interest, with direct access to the Audit Committee and senior management.

Compliance Monitoring & Oversight

• Oversee and monitor the company's data processing activities and ensure alignment with the Data Protection Law in each territory, regulations, client's needs, and internal policies.
• Verify that the data protection procedures and controls are implemented and effectively maintained.
• Maintain comprehensive documentation to evidence compliance with client's needs, legal and regulatory obligations.
• Monitor changes in data protection legislation and recommend updates to policies and procedures as necessary.
• Participate in design and implementation of new products, systems or services to ensure privacy by design and default.
• Develop and maintain a personal data inventory and data flow mapping to support compliance documentation.
• Oversee data classification and secure handling controls of PII data

Evaluation, Assessment & Auditing

• Conduct regular reviews and audits directly or through other departments (internal audits, information governance…) of data protection policies, databases, and processing systems to ensure data accuracy, confidentiality, and integrity.
• Evaluate internal data handling systems and recommend corrective actions to address non-compliance or security weaknesses.
• Identify and assess data protection risks and track mitigation measures
• Maintain periodic reports summarizing findings, compliance levels, and recommendations for improvement.

Coordination with Regulatory & Internal Entities

• Serve as the primary point of contact between GlobeMed and regulatory authorities regarding data protection matters.
• Liaise with internal departments, IT, and Legal teams to ensure implementation.
• Provide timely responses and reports to any requests or inquiries concerning data protection.
• Coordinate with external data processors and service providers to ensure contractual and operational compliance with data protection obligations.
• Review and validate third-party privacy and security questionnaires related to data security and PII data

Complaint Handling & Data Subject Requests

• Establish and manage internal procedures for receiving and investigating data-related complaints.
• Oversee the handling of data subject requests, including requests for data access, rectification, erasure, or objection, in line with legal timeframes and in compliance with international standards such as GDPR.
• Ensure proper documentation and tracking of complaints and requests, including resolutions provided in compliance with local and international regulations.

Policy Development & Implementation

• Develop, update, and maintain data protection policies, standards, and internal procedures.
• Advise management on data protection impact assessments (DPIAs) for new projects, systems, or services involving personal data processing.
• Participate in project and system design discussions to ensure privacy by design and default.
• Ensure clear roles and responsibilities are defined and communicated to staff regarding data protection obligations.
• Review and approve new vendors and data processing agreements from a data privacy standpoint.

Awareness & Training

• Design and deliver awareness campaigns and training programs for employees on data protection principles, privacy rights, and handling procedures.
• Provide specialized training for departments handling sensitive or financial information.
• Promote a culture of accountability and ethical data use throughout the organization.
• Enforce the principle of need-to-know by ensuring that users have access only to the data required to perform their assigned job functions.

Security & Incident Management

• Work closely with the Information Security and IT teams to ensure that appropriate security controls and breach management procedures are in place.
• Oversee the investigation and documentation of any data breaches and coordinate timely notifications to affected individuals, management, and external authorities, where required by law or policy.
• Maintain a data breach register and ensure post-incident reviews are conducted.
• Ensure periodic testing and review of incident response and data breach procedures.

Recordkeeping & Reporting

• Maintain updated records of all data processing activities and ensure they meet reporting standards.
• Prepare regular compliance and risk assessment reports for senior management and the Board and regulatory bodies as needed
• Ensure that data retention and disposal practices comply with applicable regulations.
• Maintain evidence of compliance with data protection accountability principles.

Qualifications & Experience

• Bachelor's degree in Law, Information Security, or a related field.
• Minimum 5 years of experience in compliance, legal, or data protection roles, preferably in financial or healthcare sectors.
• In-depth understanding of data protection laws and the Data Protection Frameworks local, reginal and international.
• Strong knowledge of IT systems, cybersecurity principles, and data management controls.
• Familiarity with data governance and data privacy frameworks (e.g., ISO 27701, NIST Privacy Framework, GDPR, SOC2 or similar.
• Certified Data Protection Officer (CDPO), CIPP/E, or equivalent certification preferred.

Key Competencies

• High ethical standards and integrity.
• Strong organizational and leadership skills.
• Ability to interpret and apply legal and regulatory requirements, and to translate those obligations into actionable technical or operational controls and processes..
• Regional and international exposure is a must.
• Proactive, detail-oriented, and capable of handling sensitive information with discretion.
• Demonstrates confidentiality, integrity, and respect for individual privacy rights in all data handling activities.
• Upholds the company's commitment to ethical data use and accountability.
• Strong project and time management skills to oversee compliance initiatives.
• Strong interpersonal and collaboration skills to work effectively across departments.
• Excellent communication, analytical, and report-writing skills