Chief Information Security Officer (CISO) & Data Protection Officer (DPO)

Dubai, DU, AE, United Arab Emirates

Job Description

About the Role:

We are looking to hire a Chief Information Security Officer (CISO) who will also serve as the Data Protection Officer (DPO), in accordance with the Virtual Asset Regulatory Authority (VARA) Technology and Information Rulebook. This dual role is critical in ensuring that our organization maintains the highest standards of cybersecurity, data privacy, and regulatory compliance.

The CISO/DPO will be responsible for the development, implementation, and enforcement of information security and data protection strategies across all technical and operational functions. The ideal candidate will have a proven background in cybersecurity, risk governance, and data privacy frameworks, with deep knowledge of UAE regulations and global standards.

Key Responsibilities:



Chief Information Security Officer (CISO) Responsibilities:



Develop and maintain the organization's Information Security Management System (ISMS) in alignment with ISO 27001, NIST, and VARA requirements.

Define and enforce cybersecurity policies, procedures, and architecture to protect virtual asset platforms and infrastructure.

Oversee threat detection, incident response, vulnerability management, and cyber risk mitigation strategies.

Ensure the secure design and ongoing security of technical infrastructure including wallets, APIs, cloud environments, and backend systems.

Lead the security posture assessment and penetration testing efforts.

Conduct regular risk assessments and audits, producing comprehensive reports for senior management and regulatory submissions.

Establish and monitor security controls such as identity management, encryption, logging, and intrusion prevention.

Train employees on cybersecurity awareness and best practices.

Liaise with VARA and third-party auditors for technology reviews and inspections.

Data Protection Officer (DPO) Responsibilities:



Serve as the appointed DPO in accordance with VARA's Technology and Information Rulebook and relevant data protection laws (UAE Data Law, GDPR, etc.).

Monitor compliance with internal data protection policies and ensure implementation of data minimization and retention policies.

Oversee data lifecycle management, access controls, and privacy impact assessments (PIAs) for all data-driven operations.

Conduct regular privacy audits and gap assessments.

Ensure data breach notification procedures are established and adhered to, including timely reporting to VARA and other regulators when required.

Respond to data subject access requests (DSARs) and manage data privacy complaints or incidents.

Keep abreast of regulatory changes, advising executive leadership on their impact and required controls.

Act as a key point of contact for regulatory authorities on data protection matters.

Requirements:



Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or Law.

Minimum of 5 years' experience in cybersecurity, risk, or data protection roles, preferably in fintech, banking, or blockchain sectors.

Deep understanding of VARA rules, ISO 27001, GDPR, NIST, UAE Data Protection Law, and global information security best practices.

CISSP, CISM, CISA, or equivalent certification required.

DPO certification or strong practical experience in data protection.

Hands-on experience with cloud security (AWS/GCP/Azure), network architecture, DevSecOps, encryption, and SIEM tools.

Experience with blockchain, smart contracts, and virtual asset infrastructure security is a plus.

Strong leadership, communication, and stakeholder management skills.

Ability to work in a high-growth, regulated, and rapidly evolving environment.

What We Offer:



Opportunity to lead dual regulatory functions in a pioneering virtual asset organization

Direct engagement with VARA, external auditors, and global regulatory frameworks

Access to cutting-edge blockchain infrastructure and cybersecurity tools

A dynamic, mission-driven work culture focused on innovation and compliance

Job Type: Full-time

Pay: AED15,000.00 - AED20,000.00 per month



Job Detail

  • Job Id
    JD1903863
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    185330.0 234669.0 USD
  • Employment Status
    Permanent
  • Job Location
    Dubai, DU, AE, United Arab Emirates
  • Education
    Not mentioned