Senior Data Protection & ESG Lead
Role Summary
The Senior Manager, Data Protection and ESG is accountable for the design, implementation and continued effectiveness of the Group’s data protection and ESG compliance frameworks across all Astra Tech entities licensed locally and internationally, including the regulatory perimeter of the Central Bank of the UAE (CBUAE), the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM), and the Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre (DIFC) in the UAE, and elsewhere in other jurisdictions.
The role serves as the Group’s single point of accountability for personal data processing activities and for ESG-related disclosure, governance and reporting obligations. The incumbent works in close partnership with Business, Product, Technology, Procurement, Human Resources, Legal and Risk teams to embed data protection principles into customer journeys, products, vendor arrangements and operational processes.
The Senior Manager, Data Protection and ESG is the primary liaison for internal assurance functions (Internal Audit and Compliance Monitoring and Testing) and for external regulators (including CBUAE thematic reviews and examinations, FSRA and DFSA supervisory engagements, and data protection commissioners in ADGM and DIFC) on all matters related to data protection and ESG locally, as well as international regulatory reviews/queries.
Responsibilities
Data Protection:
Regulatory Gap Assessment and Remediation
- Conduct an initial end-to-end gap assessment of the Group’s data protection posture against all applicable regulatory requirements set out in Section 2, separately for each Astra Tech entity.
- Benchmark current state against international standards where relevant (GDPR, ISO/IEC 27701, ISO 14001, IFRS S1/S2, TCFD, GRI) to anticipate regulatory direction of travel.
- Document findings in a structured Gap Assessment Report, with prioritised, risk-rated remediation actions, owners and target dates.
- Define, mobilise and track the multi-year Data Protection Remediation Roadmap, ensuring delivery within agreed timelines and reporting progress.
Specific Responsibilities
- Discharge the formal Data Protection Officer (DPO) responsibilities required under applicable laws and regulations, including monitoring compliance, advising on processing operations and acting as the contact point for data subjects and supervisory authorities.
- Maintain the Group Record of Processing Activities (RoPA), data inventory and data flow maps across all in-scope entities, processes and systems.
- Draft, maintain and obtain approval for all Data Protection policies, standards and procedures, ensuring alignment with the CBUAE CPR data and confidentiality provisions, UAE PDPL, ADGM DPR 2021 and DIFC DPL and benchmarked against international standards.
- Review, update and version-control all data-related customer-facing documentation, including Data Privacy Notice/Policy, Cookie Notices, Data and Marketing related Consents, Terms and Conditions (data clauses), product disclosures, marketing opt-in mechanisms and data subject rights communications.
- Embed data protection clauses (controller and processor allocations, sub-processor controls, cross-border transfer mechanisms, audit rights, breach notification, return and deletion) into Master Service Agreements (MSAs), Data Processing Agreements (DPAs), inter-affiliate agreements, vendor contracts and employee contracts, in coordination with Legal and Procurement.
- Lead the design, business case, vendor selection and implementation of an Enterprise-wide Consent Management (ECM) system covering web, mobile, branch, call centre and third-party channels.
- Define consent taxonomies, lawful bases, purpose registers, retention rules and re-consent triggers, ensuring these are reflected consistently in the ECM platform and downstream systems.
- Operate the Data Protection Impact Assessment (DPIA), Transfer Impact Assessment (TIA) and Legitimate Interest Assessment (LIA) processes for new products, services, technologies, AI and model use cases, vendor engagements and material changes.
- Perform a Data Protection Impact…