Senior Executive Manager – Data Management

Job Description

Role Purpose:

The Senior Executive Manager – Data Management leads Bupa Arabia's compliance with the National Data Management Office (NDMO) framework and the Saudi Personal Data Protection Law (PDPL). This role owns the delivery of Track 3 of the Data Modernization Program - ensuring all data governance, data quality, data management, and data protection obligations are met in full, on schedule, and auditable by the Insurance Authority.

The role sits at the intersection of regulatory compliance, data architecture, and change management. The Senior Executive Manager translates NDMO requirements into actionable governance frameworks, stewardship structures, and operational processes - working directly with EY, the platform team (Track 1), and the AI team (Track 2) to ensure governance is embedded across every layer of the new platform, not bolted on afterwards.

With PDPL fully complete (23/23 deliverables), Data Governance at 40%, Data Management at 22%, and the Data Catalog (MCM) impeded by a Track 1 dependency, the role must accelerate remaining deliverables, hold EY accountable to completing the Data Catalog independently, and ensure Bupa Arabia passes its NDMO compliance audit by the 12-month program milestone.

Key Accountabilities:

1-NDMO Programme Delivery & Compliance Audit:

• Own all Track 3 NDMO deliverables - accelerate Data Governance from 40% to 100% and Data Management from 22% to 100% within programme timeline
• Drive sign-off on all Pending Sign-Off deliverables: Data Strategy (DG.1.1, DG.1.2, DG.1.3), Data Management Plans across all 12 domains, Policy gap analysis, and TOM approval
• Prepare Bupa Arabia for the NDMO compliance audit at 12-month milestone - maintain an audit-ready evidence pack for all 155 deliverables (excl. Data Catalog)
• Coordinate with EY programme team to track remaining obligations and ensure no deliverable gaps remain open at programme close
  
  

2-Data Catalog (MCM) - Independent Delivery:

• Lead EY's continued delivery of the Data Catalog (MCM) independently of Track 1 - the Catalog must be built and populated without waiting for the full GCP platform
• Oversee all 18 MCM deliverables: Data Sources Prioritization, Metadata Population, Metadata Quality, Metadata Annotation, Certification, Catalog Tool (MCM 5.1–5.4), and KPI reporting
• Define a phased delivery plan: manual metadata population first, automated GCP Dataplex integration second - ensuring regulatory coverage is not delayed by platform timelines
• Ensure Data Catalog integrates with GCP Dataplex once Track 1 is live - seamless handover from manual to automated catalogue
  
  

3-Data Governance Framework & Policy:

• Finalize and obtain approval for Bupa Arabia's Data Management and Personal Data Protection Policy (DG.2.2), Data Architecture Policy (DAM.2.1), and all 12 domain-specific data management plans
• Implement and operationalize the TOM for data governance - including all 11 roles: CDO, Governance Officer, Compliance Officer, Data Protection Officer, Business Data Stewards, and IT Data Stewards
• Establish and chair the Entity Data Management Committee (DG.4.2) - monthly governance forum with CDO, domain owners, and IT representation
• Lead the Data Strategy refresh and socialization (DG.1.1, DG.1.2, DG.1.4) - ensuring alignment with Vision 2030, NDMO, and Bupa Arabia's Data Modernization Programme
  
  

4-PDPL Compliance Operations & Data Subject Rights:

• Maintain all PDPL obligations already completed: 24 RoPA, 20 DPIA, breach notification procedures, consent management, and third-party vendor assessments
• Close all PDPL items still pending Compliance Monitoring, Processing Principles, Data Collection Policy, Legal Basis, Disclosure Policy, Data Retention, Technical Measures, and Advertising Policy
• Conduct quarterly PDPL compliance monitoring and audit reviews - maintain continuous compliance, not point-in-time readiness
• Manage data subject rights requests end-to-end: receipt, triage, fulfilment within statutory timeframes, and logging
  
  

5-Data Quality Governance & DQ Framework:

• Build and operationalize the enterprise DQ framework - DQ rule development, monitoring dashboards, SLAs, and issue resolution processes across all critical data domains
• Own the Initial Data Quality Assessment (DQ.1.3) findings - translate into a prioritized remediation backlog and track resolution through the Data Management Issue Tracking Register (DG.8.2)
• Implement data stewardship workflows for DQ issues: assignment, escalation paths, resolution tracking, and SLA enforcement - ensuring DQ issues are owned by named business data stewards
• Coordinate with the GCP platform team to ensure automated DQ assertions in dbt and Dataplex align with the enterprise DQ framework and NDMO reporting requirements
  
  

6-Data Classification & Reference / Master Data:

• Complete outstanding Data Classification deliverables: DC 3.4 Classification Review (700 Critical Data Elements), DC 3.5 Metadata for CDEs, DC 3.1 Data Identification sign-off
• Oversee the Reference and Master Data (RMD) domain - complete RMD 2.4 Information Architecture, RMD 2.5 Technical Requirements, RMD 4.3 Data Hub Implementation, and RMD 4.4 Trusted Source designation
• Maintain the Data Architecture and Modeling register (DAM 7.1) and change management process (DAM 5.1) - all architecture decisions documented and version-controlled
• Govern the Data Sharing framework - oversee all Internal and External Data Sharing Agreements (DSI 7.1, DSI 7.2) and ensure the Data Sharing Request Channel (DSI 6.1) is operational
  
  

Skills

• NDMO Framework - DAMA-DMBOK, data governance maturity models, NDMO assessment methodology
• PDPL / Saudi Data Protection Law - compliance operations, RoPA, DPIA, breach management
• Data Governance Frameworks - TOM design, data stewardship, policy development, committee governance
• Data Quality Management - DQ rules, monitoring dashboards, issue resolution, SLA frameworks
• Data Catalog & Metadata Management - business glossary, metadata standards, data lineage
• Data Classification - PII / PHI / SPI / sensitivity classification, CDE tagging
• Reference & Master Data Management - MDM architecture, data hub, golden record design
• GCP Dataplex - automated governance, lineage, DQ policies, NDMO classification integration
• Data Architecture - conceptual/logical data models, architecture registers, change management
• Stakeholder & Change Management - governance forum facilitation, executive engagement, socialization
• Microsoft Office / SharePoint - document management, policy publication, tracking registers
  
  

Education

Bachelor’s degree in information management, Computer Science, Law, Business or related field.