Data Governance Officer
Sharjah
Contract
Data Governance & Privacy Officer
Level: Mid-Level Individual Contributor
Location: Sharjah, UAE
Experience Required: 3 – 4 Years
(Yearly Renewable Contract)
Key Responsibilities
• Maintain and continuously improve the enterprise data classification framework, ensuring
all data assets across retail, corporate, treasury, and SME functions are tagged,
catalogued, and governed per CBUAE guidelines and UAE PDPL requirements.
• Support the preparation and maintenance of the Records of Processing Activities
(ROPA), keeping inventories accurate, complete, and audit-ready at all times.
• Conduct and document Privacy Impact Assessments (PIAs) and Data Protection Impact
Assessments (DPIAs) for new products, systems, and processing activities, escalating
material risks to the Data Protection & Privacy Specialist.
• Manage the end-to-end lifecycle of Data Subject Rights (DSR) requests – access,
rectification, erasure, and portability – ensuring timely responses within regulatory
deadlines.
• Monitor and support the bank’s consent management processes, identifying gaps in
consent collection across digital and branch channels and proposing remediation
measures.
• Coordinate the third-party vendor privacy review process by assessing Data Processing
Agreements (DPAs) and tracking vendor compliance obligations on an ongoing basis.
• Serve as the operational point of contact for data privacy incidents: logging, triaging, and
supporting investigation and notification activities in line with UAE PDPL breach
requirements.
• Deliver targeted privacy awareness sessions and e-learning campaigns to business units,
supporting the bank’s network of Risk Champions and reinforcing a culture of data
stewardship.
• Track regulatory developments across UAE PDPL, CBUAE data and cybersecurity
circulars, and applicable ISO standards (27001/27701), preparing briefing notes for senior
review.
• Prepare documentation, evidence packs, and gap analyses to support internal audits,
regulatory examinations, and ISO certification maintenance activities.
Required Qualifications
• 3 – 4 years of professional experience in data privacy, data governance, information
security, or a related compliance function – within a bank, fintech, or regulated financial
institution.
• Working knowledge of the UAE Personal Data Protection Law (Federal Decree-Law No.
45 of 2021) and CBUAE Consumer Data Protection Regulation.
• Hands-on experience supporting ROPA maintenance, DPIA/PIA execution, and data
subject rights fulfilment.
• Professional certification in data privacy or governance: CIPP/E, CIPM, CDMP, or
equivalent – must be active or recently completed.
• Bachelor’s degree in Information Technology, Computer Science, Law, Business
Administration, or related discipline.
• Awareness of ISO 27001 and ISO 27701 frameworks and their practical application in a
financial services context.
Preferred Qualifications
• Exposure to Islamic banking operations and an understanding of Sharia-compliant
principles as they relate to customer data handling.
• Experience working within a CBUAE-regulated institution or supporting a CBUAE CPR
compliance programme.
• Familiarity with GRC (Governance, Risk & Compliance) tools or data cataloguing
platforms.
• Basic understanding of cybersecurity principles, including data breach response protocols
and third-party risk management.
• Completed training or certification in GDPR, India’s DPDP Act, or other global privacy
regimes – demonstrating cross-jurisdictional awareness.
Key Competencies
• Regulatory Acuity – Ability to interpret UAE PDPL, CBUAE guidelines, and ISO standards,
and translate them into actionable internal controls.
• Analytical Rigour – Structured approach to risk identification, documentation, and gap
assessment with strong attention to detail.
• Stakeholder Communication – Capable of distilling complex privacy requirements for
non-technical audiences across business units.
• Operational Follow-Through – Disciplined in tracking deliverables, maintaining audit trails,
and closing open actions without close supervision.
• Integrity & Discretion – Handling confidential customer and institutional data with the
highest standards of professional responsibility.
• Collaborative Mindset – Works effectively within a small specialist team, contributes to
cross-functional risk champion networks, and escalates appropriately.