Data Protection Officer

We don't think about job roles in a traditional way. We are anti-silo. Anti-career stagnation. Anti-conventional.

Beyond ONE is a digital services provider radically reshaping the personalized digital ecosystems of consumers in high-growth markets around the world. We're building a digital services aggregator platform with a strong telco foundation and a profitable growth strategy that empowers users to drive their own experience—subscribe once, source from many, and only pay for what you actually use.

Since being founded in 2021, we've acquired Virgin Mobile MEA, Friendi Mobile MEA, and Virgin Mobile LATAM (with 6.5 million subscribers) and 1600 dedicated colleagues across Chile, Colombia, KSA, Kuwait, Mexico, Oman, and UAE.

To disrupt for good takes a rebellious spirit, a questioning mind, and a warm heart. We care about how to get things done, not who manages who. We benefit from our diversity, and together, we disrupt the way we and others think about our lives for good.

Do you want to exchange ideas, learn from each other, and leave your mark on our journey This is the place for you.

About the Role

We are looking for an experienced, hands-on Data Protection Officer (DPO) to lead our global data protection strategy. In this role, you will oversee compliance across seven countries (Colombia, Chile, Mexico, Saudi Arabia, UAE, Oman, and Kuwait). You'll manage and mentor local DPOs, ensuring consistent adherence to data protection regulations. Your focus will include working with GCC's PDPL, GDPR, and other cross-border data protection laws, driving risk assessments for third parties, and maintaining a robust Data Privacy compliance framework for the business.

What You Will Do

• Comprehensive Data Protection Compliance: Ensure full compliance with all applicable data protection laws (including PDPL in GCC and GDPR), focusing on cross-border data transfers.

• Local DPO Guidance & ROPA Management: Support and guide local DPOs in maintaining Records of Processing Activities (ROPA) and Personal Information inventories to meet regional requirements.

• Transfer Impact Assessment Oversight: Conduct, manage, and review Transfer Impact Assessments (TIAs) for international data flows, identifying and mitigating key risks.

• Vendor Risk & Compliance Assurance: Lead risk assessments for third-party vendors, confirming that data protection standards are upheld for outsourced services and partnerships.

• Data Privacy Management & Process Ownership: Own and drive the Data Privacy Management (DPM) tool, overseeing consent management, data retention, deletion policies, and other privacy processes.

• DPIA Oversight & Regulatory Alignment: Manage and review Data Protection Impact Assessments (DPIAs) for high-risk processing activities, ensuring compliance with regulatory requirements.

• Regulatory Authority Liaison & Response: Act as the primary liaison with data protection authorities, handling all interactions and responses to regulatory inquiries.

• Data Protection Training & Awareness: Develop and implement training programs to maintain staff awareness of data protection laws, best practices, and internal policies.

• Regulatory Monitoring & Continuous Improvement: Monitor regulatory changes, adapt internal practices, and champion continuous improvements to data protection measures across all business regions.

What you will need

• Experience: 8–10 years in data protection and privacy, including 5+ years of full-time experience as a Data Protection Officer. Demonstrated leadership in managing and mentoring local DPOs across multiple regions.

• Skills:

1. Deep understanding of cross-border data transfer regulations (PDPL in GCC, GDPR), including Transfer Impact Assessments.
2. Strong hands-on experience with data protection tools (such as DPM), data governance, DPIAs, and risk management.
3. Proven ability to manage third-party risk assessments for vendors and service providers.
4. Excellent communication skills and proven stakeholder management across diverse business units.
5. Proficiency in English; knowledge of Arabic and Spanish is a plus.

• Other Qualifications: Additional certifications in privacy or data protection (e.g., CIPP, CIPM) are a plus.