bout the Role:
We are looking to hire a Chief Information Security Officer (CISO) who will also serve as the Data Protection Officer (DPO), in accordance with the Virtual Asset Regulatory Authority (VARA) Technology and Information Rulebook. This dual role is critical in ensuring that our organization maintains the highest standards of cybersecurity, data privacy, and regulatory compliance.
The CISO/DPO will be responsible for the development, implementation, and enforcement of information security and data protection strategies across all technical and operational functions. The ideal candidate will have a proven background in cybersecurity, risk governance, and data privacy frameworks, with deep knowledge of UAE regulations and global standards.
Key Responsibilities:
Chief Information Security Officer (CISO) Responsibilities:
· Develop and maintain the organization’s Information Security Management System (ISMS) in alignment with ISO 27001, NIST, and VARA requirements.
· Define and enforce cybersecurity policies, procedures, and architecture to protect virtual asset platforms and infrastructure.
· Oversee threat detection, incident response, vulnerability management, and cyber risk mitigation strategies.
· Ensure the secure design and ongoing security of technical infrastructure including wallets, APIs, cloud environments, and backend systems.
· Lead the security posture assessment and penetration testing efforts.
· Conduct regular risk assessments and audits, producing comprehensive reports for senior management and regulatory submissions.
· Establish and monitor security controls such as identity management, encryption, logging, and intrusion prevention.
· Train employees on cybersecurity awareness and best practices.
· Liaise with VARA and third-party auditors for technology reviews and inspections.
Data Protection Officer (DPO) Responsibilities:
· Serve as the appointed DPO in accordance with VARA’s Technology and Information Rulebook and relevant data protection laws (UAE Data Law, GDPR, etc.).
· Monitor compliance with internal data protection policies and ensure implementation of data minimization and retention policies.
· Oversee data lifecycle management, access controls, and privacy impact assessments (PIAs) for all data-driven operations.
· Conduct regular privacy audits and gap assessments.
· Ensure data breach notification procedures are established and adhered to, including timely reporting to VARA and other regulators when required.
· Respond to data subject access requests (DSARs) and manage data privacy complaints or incidents.
· Keep abreast of regulatory changes, advising executive leadership on their impact and required controls.
· Act as a key point of contact for regulatory authorities on data protection matters.
Requirements:
· Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or Law.
· Minimum of 5 years’ experience in cybersecurity, risk, or data protection roles, preferably in fintech, banking, or blockchain sectors.
· Deep understanding of VARA rules, ISO 27001, GDPR, NIST, UAE Data Protection Law, and global information security best practices.
· CISSP, CISM, CISA, or equivalent certification required.
· DPO certification or strong practical experience in data protection.
· Hands-on experience with cloud security (AWS/GCP/Azure), network architecture, DevSecOps, encryption, and SIEM tools.
· Experience with blockchain, smart contracts, and virtual asset infrastructure security is a plus.
· Strong leadership, communication, and stakeholder management skills.
· Ability to work in a high-growth, regulated, and rapidly evolving environment.
What We Offer:
· Opportunity to lead dual regulatory functions in a pioneering virtual asset organization
· Direct engagement with VARA, external auditors, and global regulatory frameworks
· Access to cutting-edge blockchain infrastructure and cybersecurity tools
· A dynamic, mission-driven work culture focused on innovation and compliance
Job Type: Full-time
Pay: AED15,000.00 - AED20,000.00 per month
