Compliance Officer / Head of Risk / Data Protection Officer

Role Overview

Compliance Officer

• Own the company’s regulatory compliance framework across all VARA rulebooks;
• Monitor regulatory developments (VARA, CBUAE, SCA) and assess impact on MOSAIK’s operations;
• Manage the compliance monitoring programme, including periodic testing of controls;
• Ensure all VARA reporting obligations are met (monthly, quarterly, annual);
• Oversee the outsourcing compliance framework and monitor third-party service providers;
• Maintain the Conflict of Interest Register and Insider Trading Register;
• Coordinate with the internal and external auditors on compliance-related findings;
• Advise the Board and senior management on compliance risks and regulatory obligations;
• Serve as primary liaison with VARA on non-AML compliance matters.

Head Of Risk Function

• Own and maintain the Enterprise Risk Management (ERM) Framework;
• Conduct and update the enterprise-wide risk assessment at least annually;
• Maintain the risk register, tracking all identified risks with owners, controls, and residual ratings;
• Report to the Board quarterly on the risk dashboard, emerging risks, and risk appetite utilisation;
• Oversee operational risk management, including technology risk (in coordination with CISO), credit risk, market risk, and liquidity risk;
• Monitor key risk indicators (KRIs) and escalate breaches to the Board;
• Coordinate BCDR testing outcomes and track remediation of identified gaps.

Data Protection Officer

• Ensure compliance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and any applicable VARA data protection requirements;
• Maintain the data processing register and conduct data protection impact assessments for new products or processes;
• Handle data subject access requests and manage data breach notification procedures (72-hour VARA notification window);
• Advise on data minimisation, consent management, and cross-border data transfer requirements;
• Coordinate with the CISO on information security matters that intersect with data protection.

Essential

• Minimum 5 years’ experience in compliance, risk management, or regulatory affairs within financial services, fintech, or virtual asset businesses;
• Strong knowledge of UAE regulatory landscape (VARA, CBUAE, SCA, UAE PDPL);
• Experience building or managing an ERM framework;
• Understanding of virtual asset markets, blockchain technology, and tokenization;
• Ability to operate independently and build compliance and risk functions from scratch;
• Strong written and verbal communication skills for Board reporting and regulatory correspondence;
• UAE resident or willing to relocate immediately;
• Must meet VARA’s Fit & Proper Person requirements.

Preferred

• Professional compliance or risk qualification (ICA Diploma, CRCM, FRM, or equivalent);
• Experience with VARA-regulated entities or VARA application processes;
• Data protection qualification or certification (CIPP, CIPM, or equivalent);
• Experience with real-world asset (RWA) tokenization or DeFi/CeFi compliance;
• Arabic language skills (advantageous but not required).

What We Offer

• Triple-hatted founding role — Compliance, Risk, and Data Protection ownership from day one;
• Direct Board reporting line across all three functions;
• Competitive salary commensurate with experience (to be discussed);
• Opportunity to define the compliance and risk culture of a VARA-regulated platform;
• Small, fast-moving team with direct access to the CEO and Board.