Data Governance & Security Lead

BlackStone eIT is seeking a proactive and experienced Data Governance & Security Lead to oversee our data governance and security strategies. In this leadership role, you will be responsible for ensuring that data is managed securely, complies with all regulatory requirements, and supports business objectives.

You will lead cross-functional teams to develop and enforce data governance policies, assess risks, and implement security controls to protect sensitive information across the organization.

Key Responsibilities

• Required Skills & Experience
• - Data governance framework design and implementation — has built a classification framework and operationalized it, not just documented it
• - Data classification standards — understands sensitivity levels, labeling, handling procedures, and how to enforce them technically
• - Regulatory compliance: GDPR, UAE data protection law, and ideally NESA/NIAR or Abu Dhabi data management standards
• - Security controls: encryption at rest and in transit, key management, access recertification, DLP tooling
• - DSPM/DLP tool experience (BigID, Fortra, Microsoft Purview, or comparable) — can evaluate, configure, and operate these tools
• - Vendor management: has been the client-side technical lead managing an external governance engagement
• - Data mesh governance concepts: data product ownership, quality SLAs, cross-entity sharing
• - AI governance fundamentals: model and agent registration, data scope controls, audit trail requirements
• - Stakeholder communication: can work with Legal, IT, and entity leadership on policy review and adoption
• - Policy-as-code concepts: translating governance rules into automated technical enforcement

Requirements:
• Bachelor’s or Master’s degree in Information Security, Information Technology, Data Management, or related field.
• 7+ years of experience in data governance, data security, or information security roles.
• Strong knowledge of data governance frameworks and data protection regulations (e.g., GDPR, CCPA, ISO 27001).
• Proven leadership and project management skills.
• Experience with data security tools and technologies.
• Excellent analytical, communication, and interpersonal skills.
• Certifications such as CISM, CISSP, or CDPSE are highly desirable.
• Ability to lead cross-functional teams and influence stakeholders at all levels.
• Strong problem-solving skills and attention to detail.
• Ability to manage multiple priorities in a dynamic environment.
• - New system onboarding governance: every new data source, pipeline, and AI agent requires classification review, ownership assignment, and access control before production
• - Regulatory evolution: track changes to UAE data regulations, assess impact, update policies, implement controls
• - Recurring audit cycles: annual/semi-annual internal and external audits — evidence preparation, coordination, remediation tracking
• - Data mesh governance: are entity data products meeting quality SLAs? Are ownership registers current? Are new data products classified before publication?
• - Cross-entity data disputes: arbitrate when entities request access to each other's data — does policy allow it, what classification level, who approves?
• - Governance board: monthly standing review — prepare agenda, collect metrics, present compliance status, track action items

Benefits:
• Paid Time Off
• Training & Development
• Performance Bonus