Data Privacy Associate

Role Summary

The Data Privacy Analyst will be deployed onsite at a client location in Doha to support implementation and operationalization of the organization's privacy governance program. The role focuses on implementing drafted privacy policies, procedures, and privacy notices across departments, verifying compliance through internal audits/gap assessments, and preparing for external audits. The analyst will also drive privacy-by-design practices within applications and provide continuous monitoring and training to sustain compliance with applicable privacy laws and ISO standards (e.g., ISO/IEC

Key ResponsibilitiesPrivacy Program Implementation

• Support the client in implementing drafted policies, procedures, and privacy notices across relevant departments.
• Coordinate with process owners to embed privacy requirements into day-to-day operations (HR, IT, Legal, Procurement, Customer Support, etc.).
• Maintain privacy governance artefacts such as ROPA, DPIA/PIA records, consent logs, data sharing registers, and retention schedules.

Compliance Assessments and Audit Readiness

• Carry out internal audits or gap assessments to verify compliance and identify improvement areas.
• Assist in preparing documentation, evidence, and walkthroughs required for upcoming external audits (ISO/IEC 27701, customer audits, regulatory reviews).
• Track corrective actions and support closure of nonconformities, observations, and improvement actions.

Awareness, Training, and Change Management

• Deliver awareness sessions and training to ensure staff understand and follow governance and privacy requirements.
• Create simple, role-based guidance materials (FAQs, quick reference guides, checklists) to drive adoption.

Monitoring and Ongoing Support

• Provide ongoing monitoring and compliance support to maintain adherence to policies and regulatory expectations.
• Support privacy incident management processes: intake, triage, documentation, and coordination with stakeholders for remediation and reporting as required.
• Assist with vendor/third-party privacy compliance activities (DPAs, due diligence questionnaires, evidence collection).

Privacy-by-Design and Application Guidance

• Provide guidance on embedding privacy features in applications, including data minimization, consent management, access controls, and secure data handling.
• Support review of system changes, new projects, and integrations for privacy impacts; assist with DPIA completion and sign-offs.
• Work closely with IT/security teams to align privacy controls with security controls (e.g., access management, encryption, logging, retention, secure disposal).

Standards & Regulatory Alignment

• Support alignment with
  ISO/IEC 27701
  (PIMS) and
  ISO/IEC 27001
  controls related to privacy and information security.
• Support compliance with applicable privacy laws and regulatory requirements (e.g.,
  PDPL
  and relevant Qatar data protection expectations, as applicable to the client's sector).

Qualifications

• Bachelor's degree in Information Security, IT, Law, Compliance, Risk Management, or related field.
• 2–5 years of experience in privacy, GRC, information security, or compliance roles (preferably in regulated sectors).
• Working knowledge of
  ISO/IEC 27701
  and privacy governance frameworks (privacy policies, ROPA, DPIA, DSAR, retention, consent).
• Familiarity with PDPL concepts and common privacy regulatory expectations in the region.
• Experience supporting audits (internal/external), evidence collection, and control implementation.

Preferred Certifications

• ISO/IEC 27701 Foundation/Lead Implementer/Lead Auditor (preferred)
• ISO/IEC 27001 LI/LA (advantage)
• IAPP (CIPP/E, CIPM) or equivalent (advantage)

Key Skills

• Strong stakeholder management and the ability to work across departments.
• Excellent documentation skills (procedures, templates, registers, evidence packs).
• Good understanding of privacy controls in applications (consent, minimization, access control, secure processing).
• Analytical mindset for identifying gaps and driving practical remediation.
• Clear communication skills for training and awareness delivery.

Deliverables / Outcomes

• Policies, procedures, and notices implemented and adopted across departments.
• Completed internal audit/gap assessment reports with tracked corrective actions.
• Audit-ready evidence pack and walkthrough support for external audits.
• Staff awareness program executed with attendance and effectiveness records.
• Continuous compliance monitoring and monthly status reporting.

Reporting & Working Model

• Reports to: Privacy Program Manager / GRC Lead (Project)
• Work location: Client site (Doha), with coordination with remote project team as needed.