Senior Manager, Data Protection & ESG
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
**Role Summary** The Senior Manager, Data Protection and ESG is accountable for the design, implementation and continued effectiveness of the Group’s data protection and ESG compliance frameworks across all Astra Tech entities licensed locally and internationally, including the regulatory perimeter of the Central Bank of the UAE (CBUAE), the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM), and the Dubai Financial Services Authority (DFSA) of
Key Skills for This Role
Full Job Posting
Role Summary
The Senior Manager, Data Protection and ESG is accountable for the design, implementation and continued effectiveness of the Group’s data protection and ESG compliance frameworks across all Astra Tech entities licensed locally and internationally, including the regulatory perimeter of the Central Bank of the UAE (CBUAE), the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM), and the Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre (DIFC) in the UAE, and elsewhere in other jurisdictions.
The role serves as the Group’s single point of accountability for personal data processing activities and for ESG related disclosure, governance and reporting obligations.
The incumbent works in close partnership with Business, Product, Technology, Procurement, Human Resources, Legal and Risk teams to embed data protection principles into customer journeys, products, vendor arrangements and operational processes.
The Senior Manager, Data Protection and ESG is the primary liaison for internal assurance functions (Internal Audit and Compliance Monitoring and Testing) and for external regulators (including CBUAE thematic reviews and examinations, FSRA and DFSA supervisory engagements, and data protection commissioners in ADGM and DIFC) on all matters related to data protection and ESG locally, as well as international regulatory reviews/ queries.
Data Protection: Regulatory Gap Assessment and Remediation
- Conduct an initial end to end gap assessment of the Group’s data protection posture against all applicable regulatory requirements set out in Section 2, separately for each Astra Tech entity.
- Benchmark current state against international standards where relevant (GDPR, ISO/IEC 27701, ISO 14001, IFRS S1/S2, TCFD, GRI) to anticipate regulatory direction of travel.
- Document findings in a structured Gap Assessment Report, with prioritised, risk rated remediation actions, owners and target dates.
- Define, mobilise and track the multi-year Data Protection Remediation Roadmap, ensuring delivery within agreed timelines and reporting progress.
Data Protection: Specific Responsibilities
- Discharge the formal Data Protection Officer (DPO) responsibilities required under applicable laws and regulations, including monitoring compliance, advising on processing operations and acting as the contact point for data subjects and supervisory authorities.
- Maintain the Group Record of Processing Activities (RoPA), data inventory and data flow maps across all in scope entities, processes and systems.
- Draft, maintain and obtain approval for all Data Protection policies, standards and procedures, ensuring alignment with the CBUAE CPR data and confidentiality provisions, UAE PDPL, ADGM DPR 2021 and DIFC DPL and benchmarked against international standards.
- Review, update and version control all data related customer facing documentation, including Data Privacy Notice/ Policy, Cookie Notices, Data and Marketing related Consents, Terms and Conditions (data clauses), product disclosures, marketing opt in mechanisms and data subject rights communications.
- Embed data protection clauses (controller and processor allocations, sub processor controls, cross border transfer mechanisms, audit rights, breach notification, return and deletion) into Master Service Agreements (MSAs), Data Processing Agreements (DPAs), inter affiliate agreements, vendor contracts and employee contracts, in coordination with Legal and Procurement.
- Lead the design, business case, vendor selection and implementation of an Enterprise-wide Consent Management (ECM) system covering web, mobile, branch, call centre and third-party channels.
- Define consent taxonomies, lawful bases, purpose registers, retention rules and re consent triggers, ensuring these are reflected consistently in the ECM platform and downstream systems.
- Operate the Data Protection Impact Assessment (DPIA), Transfer Impact Assessment (TIA) and Legitimate Interest Assessment (LIA) processes for new products, services, technologies, AI and model use cases, vendor engagements and material changes.
- Perform a Data Protection Impact Assessment (DPIA) for every initiative submitted to the Group’s Initiatives Review and Approval (IRA) process, ensuring the DPIA is completed prior to IRA approval and forms part of the formal IRA submission pack; track DPIA outcomes, mitigations and conditions to closure, and report DPIA coverage and exceptions to the Head of Compliance Strategy and Transformation.
- Operate the Data Subject Rights (DSR) handling framework across access, rectification, erasure, portability, objection and restriction requests, within statutory timelines.
- Lead privacy incident triage, investigation, containment, root cause analysis and remediation, in coordination with Information Security, Technology, Legal, Communications and Operational Risk; assess regulatory thresholds and lead breach notifications to the UAE Data Office, CBUAE, FSRA, DFSA, ADGM Office of Data Protection and DIFC Commissioner of Data Protection, and to affected data subjects where required.
ESG: Specific Responsibilities
- Maintain a consolidated ESG regulatory obligations register covering the CBUAE Principles for Sustainability Related Disclosures, the ADGM ESG Disclosures Framework, DIFC ESG and sustainability initiatives, FSRA and DFSA sustainable finance guidance, and applicable UAE federal climate and sustainability requirements as well as international ESG related regulations in other jurisdictions, as applicable.
- Coordinate the preparation of ESG disclosures across in scope entities, including climate related financial disclosures, Group sustainability reporting, and entity level regulatory ESG submissions.
- Support the integration of ESG risk considerations into credit, investment, product, procurement and third-party risk management frameworks.
- Provide assurance over the integrity of ESG data flows, controls and reporting, including managing greenwashing risk and ensuring fair, balanced and substantiated sustainability claims in customer facing materials.
- Embed ESG related clauses (sustainability representations, ESG data sharing, climate risk obligations) into MSAs, vendor contracts and, where relevant, financing and product documentation.
- Represent Astra Tech in industry ESG working groups and forums, including UAE SFWG linked initiatives where appropriate.
- Training and Awareness
- Design and deliver a Group wide Data Protection and ESG training curriculum, with separate, dedicated modules for each domain, including mandatory annual training, role based deep dives and targeted briefings for Senior Management and the Board.
- Deliver tailored training and awareness sessions, independently and in coordination with Business, Product, Technology, Procurement, HR and Marketing teams, to embed practical understanding of obligations into day-to-day operations.
- Maintain training completion records and report on the same.
Third Party And Outsourcing Oversight
- Define data protection and ESG due diligence requirements for vendor onboarding, ongoing monitoring and exit.
- Review and approve material third party arrangements from a data protection and ESG standpoint, including cross border data transfer mechanisms and sub processor chains.
Reporting, Regulatory Filings and Liaison
- Produce periodic Data Protection and ESG reporting for the Head of Compliance Strategy and Transformation, the Group Chief Compliance Officer, Executive Management and relevant Board committees, covering KRIs, KPIs, incidents, regulatory developments and remediation status.
- Own end to end preparation of regulatory filings, incident reporting and ad hoc submissions on data protection and ESG matters to regulators.
- Act as the principal point of liaison with Internal Audit and Compliance Monitoring and Testing on data protection and ESG reviews, facilitating walkthroughs, evidence requests, management responses and remediation tracking.
- Act as the principal point of liaison with external regulators on data protection and ESG matters, including CBUAE thematic reviews and on-site examinations, FSRA and DFSA supervisory engagements and RFIs.
- Track regulatory developments (CBUAE circulars, FSRA and DFSA notices, ADGM and DIFC amendments, UAE federal updates and international trends) and translate them into actionable changes within the Group.
Requirements
- Minimum 10+ years of relevant experience in data protection, privacy, ESG, compliance or regulatory advisory, commensurate with Senior Manager grade, with at least 5 years in a dedicated data protection or DPO or ESG lead capacity.
- Significant experience within financial services, ideally including entities regulated by the CBUAE, the FSRA (ADGM) and the DFSA (DIFC).
- Demonstrable track record of leading a regulatory gap assessment and end to end remediation programme covering data protection and ESG obligations.
- Proven experience implementing an Enterprise-wide Consent Management capability across digital channels.
- Experience handling CBUAE, FSRA and DFSA examinations, thematic reviews, information requests and remediation tracking.
- Experience operating in a multi entity, multi jurisdiction group, with a clear understanding of the interaction between onshore (CBUAE) and financial free zone (ADGM with FSRA, and DIFC with DFSA) regimes.
- Experience working with Internal Audit and Compliance Monitoring and Testing on data protection and ESG themed reviews.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Astra Tech
Manager- Customer Service
Dubai, UAE
Astra Tech seeks a Customer Service Manager in Dubai to oversee high-volume call centre and digital support operations in fintech. The role involves queue management, capacity planning, root cause analysis, and VoC insig
Java Developer
Abu Dhabi, UAE
Astra Tech is looking for a Java Developer to build and maintain Java-based credit risk systems for financial credit scenarios. The role involves designing high-availability APIs, integrating risk rules and ML models, an
Java Developer
Abu Dhabi, UAE
Astra Tech seeks a Java Developer to build and maintain credit risk systems for financial credit scenarios in Abu Dhabi. The role involves designing high-availability APIs, developing rule engines, integrating ML models,
Senior QA Engineer (Risk Management & Automation Testing)
Abu Dhabi, UAE
Astra Tech is seeking a Senior QA Engineer to design and execute test strategies with a focus on risk-based testing and automation for fintech systems. The role involves developing automation frameworks, performing perfo
Partnerships Manager – Consumer Products
Dubai, UAE
Astra Tech seeks a Partnerships Manager to drive customer engagement and product growth through strategic partnerships for consumer financial products in Dubai. The role involves sourcing, negotiating, and managing partn
L2 IT Support Engineer
Dubai, UAE
Astra Tech seeks an L2 IT Support Engineer to manage enterprise IT environment, provide advanced technical support, and administer Microsoft 365, Azure, networking, and enterprise applications. Requires 4+ years of IT su
Business Operations Manager
Abu Dhabi, UAE
Astra Tech seeks a Business Operations Manager to act as business PMO for the lending business, driving operational initiatives and coordinating cross-functional projects. Requires 5+ years in business operations or prog
Risk Systems & Strategy Deployment Manager
Abu Dhabi, UAE
We are looking for a Risk System and Strategy Deployment Manager to own credit risk systems and bridge Risk Strategy, Engineering, and Operations teams. The role involves deploying credit risk policies, monitoring perfor
Manager- Customer Service
Dubai, UAE
Java Developer
Abu Dhabi, UAE
Java Developer
Abu Dhabi, UAE
Senior QA Engineer (Risk Management & Automation Testing)
Abu Dhabi, UAE
Partnerships Manager – Consumer Products
Dubai, UAE
L2 IT Support Engineer
Dubai, UAE
Business Operations Manager
Abu Dhabi, UAE
Risk Systems & Strategy Deployment Manager
Abu Dhabi, UAE