Data Privacy & Security Engineer Compliance, Risk & Encryption

Job Title: Data Privacy & Security Engineer Compliance, Risk & Encryption
Location: United Arab Emirates
Experience: 7+ Years
Job Type: Long-Term | On-site
Department: Information Security / Data Protection

---

Job Summary:

We are seeking an experienced Data Privacy & Security Engineer to lead and implement data protection strategies across the organization, ensuring compliance with global privacy regulations such as GDPR, CCPA, and UAE federal laws. The ideal candidate will play a critical role in managing privacy risk assessments, enforcing data encryption standards, and embedding privacy-by-design principles into technology platforms and processes.

---

Key Responsibilities:

Lead data privacy initiatives and ensure ongoing compliance with global and regional data protection regulations (GDPR, CCPA, DIFC DP Law, ADGM DPL).

Perform Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, processes, and vendors.

Collaborate with engineering and legal teams to embed privacy-by-design and security-by-default in product and system development lifecycles.

Define and implement data classification, data retention, and access control policies across the enterprise.

Enforce data encryption protocols (at rest, in transit) using industry standards like AES, TLS, RSA, and manage secure key storage solutions (KMS, HSM).

Manage and monitor data subject rights processes including consent, access, deletion, and data portability.

Support the development of incident response plans for privacy breaches and work closely with the SOC and legal team for reporting and remediation.

Evaluate and deploy privacy-enhancing technologies (PETs), DLP solutions, and data anonymization/pseudonymization tools.

Conduct third-party risk assessments, vendor privacy reviews, and maintain data processing agreements (DPAs).

Assist with internal and external audits, maintain privacy documentation, and support employee awareness and training programs.

---

Required Skills & Qualifications:

Bachelor s or Master s degree in Information Security, Computer Science, Law, or a related field.

Minimum of 7 years of experience in data privacy, information security, or GRC roles.

Deep knowledge of privacy regulations (GDPR, CCPA, HIPAA, DIFC, ADGM, PDPL).

Strong hands-on experience in data encryption, privacy engineering, and cloud data protection.

Proficient in privacy frameworks (NIST Privacy Framework, ISO/IEC 27701) and security standards (ISO/IEC 27001, NIST 800-53).

Familiarity with security tools: DLP, SIEM, encryption tools, CASB, IAM, and tokenization platforms.

Strong communication and documentation skills, with the ability to translate technical findings into business impact.

Preferred certifications: CIPP/E, CIPP/US, CIPT, CIPM, CISSP, ISO 27701 LA, or equivalent.

---

Nice to Have:

Experience working with cloud platforms (AWS, Azure, GCP) and privacy configurations in SaaS environments.

Knowledge of privacy in AI/ML, federated learning, and secure data analytics.

Understanding of blockchain data privacy concepts (e.g., zero-knowledge proofs, off-chain storage).

Prior experience in regulated industries such as finance, healthcare, or telecom.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com