Compliance & Information Security (Data Controller / Data Protection Officer (DPO))

Sharjah, SH, AE, United Arab Emirates

Job Description

Role Purpose



The Data Controller / Data Protection Officer (DPO) is responsible for overseeing and enforcing data protection, privacy, and information security controls across all data destruction, IT asset disposition (ITAD), and recycling operations. The role ensures compliance with NAID / i-SIGMA certification requirements, applicable data protection laws, contractual obligations, and internal information security policies.

Key Responsibilities

1. Data Protection & Governance

Act as the primary authority for data protection and privacy governance within the organization. Ensure all data-bearing assets are handled, processed, and destroyed in accordance with approved data destruction procedures and contractual requirements. Maintain oversight of data lifecycle controls from collection to final destruction.
2. NAID / i-SIGMA Compliance

Ensure operational compliance with i-SIGMA / NAID AAA Certification Specifications, including:
• Data confidentiality
• Chain-of-custody controls
• Access control to data-bearing media

Participate in internal audits, external audits, and certification assessments. Maintain required documentation, logs, and records as per NAID specifications.
3. Policy & Procedure Management

Develop, implement, and maintain:
• Data protection policies
• Information security procedures
• Incident response and breach notification procedures

Review and update policies regularly to reflect regulatory, certification, or operational changes.
4. Risk Management & Incident Handling

Identify and assess data security risks related to handling, storage, transportation, and destruction of data-bearing assets. Lead investigations into any data security incidents, breaches, or deviations, and ensure corrective and preventive actions (CAPA) are implemented. Maintain incident logs and reporting in line with NAID and ISO requirements.
5. Training & Awareness

Conduct or coordinate mandatory data protection and confidentiality training for all employees, contractors, and temporary staff. Ensure staff understand their responsibilities regarding data security, access control, and confidentiality agreements. Maintain training records for audit purposes.
6. Access Control & Confidentiality

Oversee role-based access to data-bearing assets, destruction areas, and sensitive records. Ensure all relevant personnel have signed confidentiality and non-disclosure agreements (NDAs). Coordinate with HR and Operations to revoke access immediately upon employee exit or role change.
7. Documentation & Reporting

Ensure accurate and complete maintenance of:
• Certificates of Destruction
• Chain-of-custody records
• Audit logs and compliance reports

Act as the point of contact for clients, auditors, and regulators regarding data protection matters.
Authority

Authority to halt operations if a data protection or security risk is identified. Authority to recommend disciplinary action for data protection violations. Authority to require corrective actions across departments.
Qualifications & Experience

Mandatory

Strong understanding of data protection principles, information security, and secure data destruction. Experience in ITAD, data destruction, recycling, or compliance-driven industries. Familiarity with NAID AAA / i-SIGMA certification requirements.
Preferred

• Knowledge of ISO 27001, ISO 9001, ISO 14001, ISO 45001
• Experience handling audits and compliance documentation
• Formal training in data protection or information security
Key Competencies

• High ethical standards and integrity
• Strong attention to detail
• Risk awareness and decision-making ability
• Clear documentation and reporting skills
• Ability to enforce compliance across operations
Job Type: Full-time

Pay: From AED3,000.00 per month



Job Detail

  • Job Id
    JD2265562
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Sharjah, SH, AE, United Arab Emirates
  • Education
    Not mentioned