Associate Director - Data Protection

Dubai Holding

Dubai

On-site

AED 200,000 - 300,000

Full time

3 days ago

Job summary

A leading global investment company is seeking an Associate Director – Data Protection to strengthen their data compliance framework. This role involves overseeing data management processes, ensuring compliance with various data protection laws, and implementing effective training programs to promote a culture of data privacy. The ideal candidate will have significant experience in data protection within a multinational context, equipped with knowledge of GDPR and related frameworks.

Qualifications

  • Minimum 8 years of relevant experience in Data Protection.
  • Strong knowledge of EU GDPR and industry control frameworks.
  • Experience with compliance management tools preferred.

Responsibilities

  • Manage and enhance the organization’s data protection framework.
  • Conduct assurance reviews and oversee data subject requests.
  • Lead training programs for data protection awareness.

Skills

Data Protection
Compliance
Risk Management
Incident Management
Privacy by Design

Education

Bachelor’s degree in law, Information Security, or Data Protection
Certified Information Privacy Professional (CIPP / E)

Tools

OneTrust

Job description

Established in 2004, Dubai Holding is a global investment company with investments in more than 34 countries and a combined workforce of nearly 45,000 individuals. In line with the vision of Dubai’s leadership and economic diversification strategy, Dubai Holding companies have nurtured sectors, irrevocably transforming Dubai’s socio-economic landscape and positioning Dubai as a diversified, globally integrated economy.

Dubai Holding is committed to the diversification of Dubai’s non-oil economy. Our portfolio, valued at over AED 280 billion, spans 10 sectors, including real estate, hospitality, leisure & entertainment, ICT, design, education, media, retail, manufacturing & logistics, and science.

For the Good of Tomorrow

Dubai Holding is looking to hire an Associate Director – Data Protection in the Legal Department. The role holder will report to the Head of Data Protection and be responsible for managing and continuously enhancing the organization’s data protection framework to ensure compliance with applicable data privacy laws and internal standards. This includes oversight of policy governance, operational procedures, records of processing, vendor risk, data subject rights, and privacy-by-design initiatives. The role holder will ensure effective incident management, conduct assurance reviews, and collaborate cross-functionally to embed privacy practices across the business. Additionally, the role holder will lead enterprise-wide training and awareness programs to foster a privacy-conscious culture and ensure alignment with strategic data protection objectives.

If you are excited to begin a rewarding journey where your skills matter and your work truly counts, we would love to connect with you.

Key Accountabilities:

Governance & Framework Enhancement

  • Manage and continuously enhance the organization’s data protection framework, ensuring that all policies, procedures, and templates are up-to-date, practical, and aligned with applicable data protection laws and business needs
  • Review all policies at least annually or following major regulatory or organizational changes, and ensure the updates are approved in accordance with the Group DOA, with changes clearly communicated to and acknowledged by all relevant stakeholders.
  • Manage and maintain SOPs for key operational processes (DSR, DPIAs, VRM and ROPA) ensuring they are practical, role-specific, and embedded in BAU operations.
  • Maintain the library of standardized templates (DPIAs, Vendor due diligence, DPAs, ROPA, Breach Logs)
  • Regularly review templates with Legal and business users for usability and compliance alignment.
  • Ensure all framework components are available to staff and that training on correct usage is available through workshops / videos and quick-reference guides.

Compliance & Risk Management – Records of Processing

  • Maintain comprehensive records of data processing activities (RoPA) and ensure their alignment with publicly available privacy notices provided through the Group Privacy Centre
  • Manage and maintain the Verticals RoPA in compliance with Article 30 of GDPR or other equivalent data protection laws
  • Collaborate with business units to capture changes in processing purposes, legal bases, recipients, retention periods, and safeguards
  • Conduct regular reviews to ensure RoPA and privacy notices remain accurate, complete, and transparent.
  • Ensure that updates to the RoPA are reflected in relevant privacy notices published in the Privacy Centre.
  • Manage vendor risk to ensure that all third-party suppliers handling personal data comply with applicable data protection laws, contractual obligations, and internal privacy standards
  • Ensure DPAs with standardised clauses are signed before data sharing and that Transfer Impact Assessments are conducted for all cross-border data transfers.
  • Undertake ongoing monitoring, ensuring all high-risk vendors are reviewed every three years and that all requests to amend sub-processors or changes to geographic location are reviewed and approved before the change is made
  • Ensure vendors report data incidents and breaches promptly
  • Ensure business owners have documented evidence of data deletion or return at contract end.

Compliance & Risk Management – Privacy by Design and DPIAs

  • Advise and guide internal teams on Data Protection Impact Assessments and Privacy by Design / Default
  • Act as the central authority for reviewing and approving all DPIAs before project launches or system implementations
  • Work closely with Business functions and IT teams during the ideation and design phases to ensure that privacy principles are integrated from the outset
  • Monitor current DPIA templates, workflows, and quality results to ensure that the process is operating in compliance with the framework
  • Maintain a DPIA registry and ensure it reflects current systems and processes
  • Facilitate workshops to guide teams through complex DPIA cases

Data Subject Rights & Incident Management

  • Comprehensive Management of Data Subject Requests, Incident Resolution, and Breach Monitoring for Compliance and Risk Mitigation
  • Oversee the end-to-end management of data subject requests (DSRs), ensuring accurate handling, timely responses, and full compliance with applicable regulatory timelines
  • Lead the coordination and resolution of data protection incidents, including initial triage, risk assessment, and implementation of appropriate mitigation measures
  • Investigate data incidents to identify root causes and collaborate with relevant teams to implement corrective and preventive actions.
  • Maintain a centralized data breach and incident registry to support regulatory reporting, internal audit, and ongoing compliance monitoring.

Assurance Reviews

  • Ensure ongoing compliance and risk mitigation in data processing activities through regular assurance reviews, risk assessments, and collaborative corrective actions across business functions
  • Conduct regular self-certification and assurance reviews based on risk profiles of verticals to ensure compliance with data processing frameworks
  • Develop a risk-based assurance plan that covers all data domains, systems, and business functions
  • Carry out on-site and remote assurance reviews to assess compliance with regulatory standards (e.g., GDPR, PDPL) and internal policies
  • Evaluate controls, identify risks, and collaborate with business owners to document and implement corrective actions
  • Maintain an up-to-date risk register with prioritized risks and clear mitigation timelines
  • Oversight and collaboration for data protection training, awareness campaigns, and continuous improvement to enhance compliance and foster a Privacy-Conscious culture
  • Collaborate with Vertical Heads of L&D to design and implement data protection training programs, ensuring they align with best practices, regulatory requirements, and the organization's data protection strategy
  • Develop tiered training programs tailored to employee roles based on their risk profile (e.g., general staff vs. high-risk roles like Marketing, IT, etc.)
  • Ensure L&D delivers a comprehensive data privacy onboarding module for new hires, tracking completion rates and monitoring key performance indicators (KPIs) for training effectiveness
  • Organize and conduct quarterly awareness sessions with Vertical Data Champions to reinforce data protection principles across departments
  • Organise and run monthly privacy awareness campaigns (e.g., Data Privacy Day, Red Flag Day, "Ask the DPO" sessions) to foster a privacy-conscious culture.
  • Work with L&D to develop and evaluate post-training assessments to track knowledge retention and ensure continuous improvement.

Who we are looking for:

  • Minimum 8 years of relevant experience as a Data Protection Officer within a multinational organisation.
  • In-depth knowledge of EU GDPR, with an understanding of China PIPL, KSA PDPL, the EU AI Act, and industry control frameworks (NIST, ISO 27001, etc.)

Education / Professional Certifications:

  • Bachelor’s degree in law, Information Security, Data Protection, Risk Management, or a related field
  • Certified Information Privacy Professional (CIPP / E) or equivalent certification is required
  • Strong knowledge of data protection laws, risk frameworks, and compliance processes
  • Understanding of AI governance, data processing techniques, and vendor risk management
  • Experience with OneTrust or similar compliance management tools
  • Customer Focus
  • Results Orientation
  • Business Awareness
  • Curious & Creative
  • Sense of Urgency
  • Adaptability & Flexibility
  • Builds Relationships
  • Empowerment
  • Problem Solving & Decision Making
  • Planning and Organizing
  • Communication Skills
  • Teamwork

As much as we would be delighted to entertain all applicants, due to the high volumes of applications, only successful applicants will be contacted within 14 business days.

This job description is not all inclusive. Dubai Holding reserves the right to amend this job description at any time. Dubai Holding is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.

Seniority level

Associate

Employment type

Full-time

Job function

Project Management

Hospitality, Construction, and Technology, Information and Media
