Data Protection Officer

About The Position

Requirements

• Deep expertise in global data protection laws, including GDPR, CCPA/CPRA, LGPD, and related frameworks.
• Proven experience managing data protection programs aligned with organizational risk and scale.
• Strong understanding of IT systems, data processing operations, and information security practices.
• Familiarity with privacy risk assessments, certifications, and audit frameworks (e.g., SOC 2, ISO 27001).
• Ability to handle highly sensitive information with discretion and confidentiality.
• Ability to professionally undertake and perform during stressful situations.
• Knowledge of the professional services industry and operational data flows.
• Demonstrated leadership and project management experience.
• Ability to communicate effectively with: Executive leadership and decision-makers; Customer leadership and delivery management; Data subjects and regulators; Cross-border stakeholders across cultures; Vendors and subcontractors.
• High degree of integrity, ethics, and professional judgment.
• Self-awareness to identify knowledge gaps and proactively address them.

Responsibilities

• Inform, advise, and issue recommendations to the organization regarding obligations under global data protection laws (GDPR, CCPA/CPRA, etc.).
• Monitor compliance with applicable regulations and internal policies.
• Track regulatory developments and translate them into operational business processes.
• Act as the primary point of contact with supervisory authorities and regulators.
• Develop, implement, and maintain a global data protection program commensurate with the sensitivity, complexity, and volume of data processed.
• Implement privacy technical and organization systems to support the data privacy program.
• Foster a strong data protection culture across all business units.
• Promote and enforce principles such as: Lawful, fair, and transparent processing; Data minimization and purpose limitation; Privacy by design and by default; Security of processing; Accountability and governance.
• Provide advice and participate in Data Protection Impact Assessments (DPIAs/PIAs).
• Define methodologies and oversee execution of DPIAs/PIAs.
• Evaluate whether assessments are properly conducted and compliant.
• Recommend appropriate technical and organizational safeguards to mitigate risk.
• Conduct privacy risk assessments across operations, including client engagements.
• Maintain and oversee Records of Processing Activities (RoPA).
• Ensure documentation of decisions made in alignment with or contrary to DPO advice.
• Evaluate and monitor data processing activities across the organization.
• Provide consultation and oversight during data breaches or privacy incidents.
• Ensure compliance with breach notification and communication requirements.
• Collaborate with security teams on incident response involving personal data.
• Oversee processes to ensure timely handling of data subject requests.
• Ensure compliance with legal response timelines and obligations.
• Act as a point of contact for data subjects globally.
• Ensure appropriate data protection agreements are in place.
• Liaise with third-party processors and controllers.
• Evaluate third-party data protection posture and compliance.
• Develop and deliver privacy training programs for employees and subcontractors.
• Promote awareness and accountability across the organization.
• Ensure ongoing education aligned with evolving regulatory requirements.
• Partner with Security, Audit, Legal, Contracts, IT, HR, project managers and business leaders to embed privacy into delivery and operations.
• Review all and redline privacy language in all customer, vendor and subcontractor agreements.
• Participate in strategic initiatives to ensure privacy-by-design implementation.
• Participate in various audit activities.