Established in 2004, Dubai Holding is a global investment company with investments in more than 34 countries and a combined workforce of nearly 45,000 individuals. In line with the vision of Dubai's leadership and economic diversification strategy, Dubai Holding companies have nurtured sectors, irrevocably transforming Dubai's socio-economic landscape and positioning Dubai as a diversified, globally integrated economy.
Dubai Holding is committed to the diversification of Dubai's non-oil economy. Our portfolio, valued at over AED 280 billion, spans 10 sectors, including real estate, hospitality, leisure & entertainment, ICT, design, education, media, retail, manufacturing & logistics, and science.
For the Good of Tomorrow
Dubai Holding is looking to hire an Associate Director - Data Protection in the Legal Department. The role holder will report to the Head of Data Protection. This role holder serves as the embedded data protection and AI governance lead for the Foundry platform programme, responsible for ensuring all use cases comply with the Group's Data Protection Framework, applicable laws, and emerging AI regulations. The role holder will be accountable for providing expert oversight and practical guidance on privacy by design, risk assessments, data ingestion controls, and documentation to support compliant and ethical use of data and AI technologies. Acting as a key business partner to project teams and senior stakeholders, this position facilitates the identification, assessment, and communication of data protection risks, including complex or commercially sensitive cases, enabling informed decision-making by the DPO and executive leadership. Through targeted assurance, incident support, and tailored engagement initiatives, the role drives continuous improvement and fosters a strong privacy-conscious culture within Foundry and across related teams.
If you are looking to build a meaningful career where your contributions drive real change, we would be delighted to connect.
Key Accountabilities:
Governance & Framework Application in Foundry Platform
Act as the embedded data protection lead for the Foundry platform programme, ensuring all use cases are designed and implemented in full alignment with the DH Data Protection Framework, applicable laws, and privacy by design principles.
- Apply the Group's data protection framework to projects in scope, ensuring policies, procedures, and templates are clearly understood and adopted by relevant teams.
- Support business owners in complying with all required processes and artefacts (e.g., DPIAs, TIAs, ROPAs, LIAs, data maps) relevant to their use cases.
- Oversee the data ingestion process to verify all controls are in place before data is introduced into the platform, mitigating risks early.
- Ensure that evolving regulatory requirements, including emerging AI regulations such as the EU AI Act, are reflected in project documentation, controls, and workflows.
- Promote consistent and practical application of the framework by providing guidance and clarity on how requirements apply specifically to the Foundry platform.
Compliance & Risk Management: Privacy by Design and AI
Embed privacy by design and data protection principles at the earliest stages of project design and development.
- Advise on Data Protection Impact Assessments (DPIAs) and AI Impact Assessments for relevant use cases.
- Identify use cases that may trigger obligations under the EU AI Act or other applicable AI regulations, escalating them for further review as appropriate.
- Ensure project documentation clearly captures decision rationales, risk mitigations, and alignment with privacy by design/default policies.
- Drive awareness and understanding during sign-off processes to ensure stakeholders fully appreciate the data protection implications of their projects.
Compliance & Risk Management - Use Case Oversight
Provide proactive oversight of all Foundry use cases to ensure they are compliant, risk-assessed, and well-documented prior to go-live.
- Work closely with business owners to identify data protection risks early, including those arising from AI capabilities and cross-border data flows.
- Ensure that use cases are supported by appropriate risk assessments, privacy notices, and legal bases, with clear records of approval and stakeholder engagement.
- Collaborate with Legal to address complex or emerging regulatory issues.
- Maintain oversight of processing activities to ensure Records of Processing Activities (ROPAs) for Foundry are accurate, comprehensive, and regularly updated.
- For use cases that present data protection risks which are non-compliant but commercially compelling, lead the preparation of detailed risk assessments outlining likelihood, impact, and residual risk. This assessment is communicated to the DPO to support executive-level decision-making regarding risk acceptance.
Data Subject Rights & Incident Management Support
Oversee and support the handling of data subject requests and incident response within the Foundry environment.
- Ensure requests are identified, tracked, and fulfilled within statutory timeframes.
- Collaborate with technical teams to enable accurate extraction, correction, or deletion of data from the platform.
- Support investigations of data incidents and embed lessons learned into ongoing processes to prevent recurrence.
Assurance & Continuous Improvement
Provide independent assurance to the DPO that Foundry use cases remain compliant and risks are effectively managed.
- Conduct targeted assurance reviews of high-risk or AI-related use cases.
- Work with stakeholders to close gaps and drive continuous improvement.
- Maintain an up-to-date risk register for Foundry processing activities, ensuring clear accountability and timelines for mitigation.
Lead efforts to build privacy capability and embed a privacy-conscious culture within Foundry teams.
- Deliver targeted training and practical workshops tailored for business owners, developers, and analysts involved with the platform.
- Develop role-specific guides and quick-reference materials to help teams navigate complex data protection and AI requirements.
- Serve as a trusted point of contact for data protection queries, ensuring timely escalation and resolution of issues.
Who we are looking for:
- Minimum 8-10 years with at least 6 years of relevant experience in data protection, privacy, or compliance roles within multinational organisations, ideally including experience as a Data Protection Officer or senior privacy advisor.
- Demonstrated expertise in EU GDPR compliance, with working knowledge of China PIPL, KSA PDPL, and emerging AI regulations including the EU AI Act.
- Experience implementing and managing privacy and AI governance frameworks aligned with recognised industry standards such as NIST, ISO 27001, ISO 27701, and AI-specific guidelines.
- Proven track record of collaborating with cross-functional teams (legal, IT, business) to embed privacy by design and AI risk management into operational processes.
Education / Professional Certifications:
- Comprehensive knowledge of data protection laws, privacy risk frameworks, and compliance management, including experience with DPIAs, Records of Processing Activities (ROPAs), and data subject rights processes.
- Strong expertise in AI governance principles, covering AI risk assessments, ethical AI implementation, transparency requirements, and alignment with regulations such as the EU AI Act.
- Familiarity with data processing architectures and controls, particularly related to large-scale data platforms and AI/ML systems.
- Experience in vendor risk management, including conducting privacy due diligence and managing third-party compliance risks.
- Proficiency with compliance and privacy management tools such as OneTrust, TrustArc, or similar platforms to automate and monitor governance processes.
- Ability to interpret complex regulatory requirements and translate them into actionable operational controls and policies.
- Working knowledge of data governance principles and practices to support effective data management and compliance across complex data ecosystems.
- Customer Focus
- Results Orientation
- Business Acumen
- Curiosity & Innovation
- Sense of Urgency
- Adaptability & Resilience
- Relationship Building
- Analytical Problem Solving & Sound Decision Making
- Planning and Organising
- Clear and Influential Communication
As much as we would be delighted to entertain all applicants, due to the high volumes of applications, only successful applicants will be contacted within 14 business days.