Data Governance & Security Lead

Data Governance & Security Lead - 6 Month Contract - Abu Dhabi

Role: Head of Data Governance, Security & Responsible AI

Duration: 6 month extendable contract

Location: Abu Dhabi, UAE

Our client are looking to hire a Data Governance & Security Lead to lead and institutionalize enterprise-wide frameworks across data governance, data security, and responsible AI practices.

This is a strategic leadership role focused on building robust governance models, ensuring regulatory compliance, and enabling the safe and ethical use of data and AI across complex systems. Candidates must already be based in the UAE.

Key responsibilities

• Vendor management (classification): be the technical counterpart to the external classification vendor — review their deliverables, assess whether the framework fits your data architecture, challenge timeline slippage, and ensure the DSPM/DLP tool choices integrate with your platform
• Classification remediation: identify what's broken in current classification efforts, build a remediation plan, and work with Platform Engineers to embed automated classification into pipelines
• Data ownership register: build and maintain the register — every dataset has a named owner, custodian, and steward across all entities
• Access control design: define who can access what data at what classification level, enforced through Azure AD roles and platform controls
• AI data governance: define the governance rules for the agentic platform before agents start consuming organizational data — data scope restrictions, prompt guardrails, audit requirements
• Policy set: access control policy, retention and disposal policy, data sharing policy, and AI data usage policy — drafted, reviewed with Legal/IT, and published
• Compliance gap analysis: assess current state against NESA/NIAR and Abu Dhabi data management standards, identify gaps, build remediation plan

Required Skills & Experience:

• Data governance framework design and implementation — has built a classification framework and operationalized it, not just documented it
• Data classification standards — understands sensitivity levels, labeling, handling procedures, and how to enforce them technically
• Regulatory compliance: GDPR, UAE data protection law, and ideally NESA/NIAR or Abu Dhabi data management standards
• Security controls: encryption at rest and in transit, key management, access recertification, DLP tooling
• DSPM/DLP tool experience (BigID, Fortra, Microsoft Purview, or comparable) — can evaluate, configure, and operate these tools
• Vendor management: has been the client-side technical lead managing an external governance engagement
• Data mesh governance concepts: data product ownership, quality SLAs, cross-entity sharing
• AI governance fundamentals: model and agent registration, data scope controls, audit trail requirements
• Stakeholder communication: can work with Legal, IT, and entity leadership on policy review and adoption
• Policy-as-code concepts: translating governance rules into automated technical enforcement