Associate Director - Data Protection & Information Security (UAE National)
DMCC (Dubai Multi Commodities Centre) · Dubai, United Arab Emirates
قدّم وتابع مع أبلاي إيدجAbout UsDMCC is a government entity established in 2002 to enhance commodity trade flows through Dubai. We perform a range of roles which continue to position Dubai as the preferred destination for global commodities trade and DMCC as the world’s No.1 Free Zone.Company Profile:DMCC is a center of global trade. Headquartered in Dubai, DMCC is the world’s most interconnected Free Zone, home to over 25,000 member companies and the leading trade and enterprise hub for commodities. Whether developing vibrant neighborhoods with world-class property like Jumeirah Lakes Towers and the much-anticipated Uptown Dubai or delivering high-performance business services, DMCC provides everything its dynamic community needs to live, work, and thrive. Made for Trade, DMCC is proud to sustain and grow Dubai’s position as the place to be for global trade today and long into the future.Role Summary:The Associate Director – Data Protection & Information Security is responsible for developing, implementing, and maintaining the organization's enterprise information security program to protect information assets, systems, and business operations. The role ensures that security practices align with business objectives, regulatory requirements, industry standards, and risk management frameworks,The role is responsible for overseeing the organization's data protection and privacy program, ensuring compliance with applicable data protection laws and regulations, including the UAE Personal Data Protection Law (PDPL), GDPR, and other relevant privacy frameworks. The DPO serves as an on-privacy matters, monitors compliance, manages privacy risks, and acts as the primary point of contact for regulatory authorities and data subjects.Key Responsibilities:Provide strategic governance over DMCC’s information security framework alignment with business objectives, regulatory requirements and executive management direction.Develop, maintain, and enforce enterprise information security policies, standards, procedures, and guidelines. Ensure alignment of security initiatives with business goals and strategic objectives.Develop, implement, and maintain data protection policies, procedures, and standards.Monitor compliance with applicable data protection and privacy laws.Establish data governance and management frameworks.Maintain records of processing activities and data inventories.Ensure that all DMCC data are classified as per Dubai Data Law and ensure that the are protected as per the data classification policy.Maintain the organization's information security risk register including non-digital assets.Conduct and review Data Protection Impact Assessments (DPIAs). Conduct and review Data Protection Impact Assessments (DPIAs).Oversee processes for handling data subject requests, including, access requests, rectification requests, erasure requests, objection requests and data portability requests.Ensure that the consent management records are properly maintained.Ensure requests are handled within regulatory timeframes.Support the investigation and management of personal data breaches.Coordinate breach notification processes with regulators and affected individuals where required.Maintain records of privacy incidents and corrective actions.Review contracts and Data Processing Agreements (DPAs).Assess vendor compliance with privacy requirements.Monitor international data transfers and applicable safeguards.Develop and Maintain Business Continuity Program, refresh Business Impact Analysis, re-perform risk assessments and ensure that the business continuity and recovery plans are updated.Conduct testing exercise, provide crisis management support.Develop and deliver Business Continuity Management awareness and training to employees.Cognizance of security controls across infrastructure, applications, cloud environments, and third-party services.Ensure security monitoring reports KPI numbers are collected and presented to the IT Steering Committee.Serve as the primary contact point for data protection authorities.Respond to regulatory inquiries, audits, and investigations.Stay informed of developments in privacy legislation and best practices.Monitor regulatory changes and recommend necessary security controls and compliance measures.Provide regular reports to senior management regarding data security, privacy compliance status, risks and incidents, improvement initiatives and regulatory developments.Promote a security-first and data protection culture across the organization.Develop and deliver privacy awareness and training programs.Qualifications:Bachelor’s degree in law, Information Security, Compliance, Risk Management, Information Technology, or a related field.CISM or CISSP or Similar qualification.10+ years of experience in information security, privacy, compliance, legal, or risk management.Strong knowledge of:UAE Personal Data Protection Law (PDPL)GDPRISO 27001Information Security Management Systems (ISMS)Data governance and information security principlesCyber Security Expertise, Compliance and Regulatory Knowledge, Data Privacy and Protection Expertise, Emerging Technology Knowledge, Business AcumenThe successful candidate will enjoy the following:Working at the world’s best Free Zone with highly motivated colleaguesA very diverse workforce from all around the globeWell-being initiatives all over the yearMarket competitive basic salaryHousing allowanceTransportation allowanceNational AllowanceAnnual flight allowanceOther alternative family benefitsPension SchemeDiscretionary bonus schemesGenerous annual leaveMedical and life insurance coverFree covered parkingRetail discounts with over 450 outlets across JLT.