Data Protection Lead [Hybrid or Remote]

About Us:

EDF Renewables North America is a market-leading independent power producer and service provider with over 35 years of experience. We deliver grid-scale power: wind (onshore and offshore), solar photovoltaic, and storage projects; distribution-scale power: solar and storage; asset optimization: technical, operational, and commercial expertise to maximize the performance of generating projects, and onsite solutions, through the Company’s PowerFlex affiliate, offering a full suite of onsite energy solutions for commercial and industrial customers: solar, storage, EV charging, energy management systems, and microgrids.

Benefits & Perks: 

EDF Renewables offers best-in-class employee benefits, including the following:

• Competitive bonus incentives.  This position is eligible for our annual bonus program.
• Comprehensive health coverage. EDF Renewables USA provides low-cost health & wellness coverage for employees and their eligible dependents.
• Rewarding 401k. EDF Renewables provides a generous matching contribution.

We are also proud to offer:

• Favorable paid time off programs, including paid parental leave after one year of service.
• Rewarding learning & career development and advancement opportunities.
• Supportive mentorship & buddy programs.

Be a part of an innovative and collaborative team environment that fosters our goal of delivering renewable solutions to lead the transition to a sustainable energy future.

Salary range:  The full pay range for this role is $105,100 to $175,000 annually.  We generally base our salary decisions on factors such as internal equity, candidate work and/leadership experience, educational credentials, and in some cases, candidate work location.

The Data Protection Lead establishes and builds out EDF Power Solutions’ data governance framework. Responsible for overseeing data protection strategy, implementing compliance frameworks, and ensuring the organization meets all relevant data protection obligations. A key member of the enterprise data governance team collaborates closely with various stakeholders across the organization, including Information Security, Legal, and Compliance departments. 

Data Protection Strategy & Governance – 20% 

• Partners with the Director of Digital GRC to align data protection strategy with broader data governance initiatives.  

• Designs, implements, and maintains the organization's data protection policies, procedures, and standards.  

• Contributes to the enterprise data governance framework to ensure proper data handling throughout its lifecycle.  

• Develops and implements data protection impact assessments (DPIAs) for new processes and systems.  

• Collaborates with data stewards and data owners to establish data classification guidelines and data retention schedules.  

• Supports stakeholders to ensure the design, development, and implementation of artificial intelligence systems are aligned with data privacy regulations.  

Compliance & Risk Management – 20% 

• Ensures organizational compliance with relevant data protection laws and regulations (e.g., GDPR, CCPA, PIPEDA)  

• Coordinates with the governance team to monitor and regularly audit data protection compliance across the organization.  

• Works with risk management specialists to identify and mitigate data protection risks within business operations.  

• Maintains records of processing activities and information asset registers  

• Serves as the primary point of contact for supervisory authorities on data protection matters.  

Coordination & Communication – 20% 

• Establishes effective working relationships with all members of the enterprise data governance team.  

• Facilitates cross-functional collaboration between IT, legal, compliance, and business units.  

• Regularly reports on data protection metrics and activities to the Director for Data Governance  

• Participates in data governance meetings and working groups.  

• Ensures alignment between data protection initiatives and other governance workstreams.  

Education & Training – 20% 

• Collaborates to design and develop data protection awareness programs for all staff.  

• Provides specialized training for data governance team members and others managing sensitive data.  

• Keeps stakeholders informed about changes in data protection legislation and requirements.  

• Promotes a culture of privacy and data protection throughout the organization.  

• Stays current on artificial intelligence regulations and trends.  

Incident Management – 15% 

• Works with security and IT teams to establish data breach detection, response, and notification procedures.  

• Coordinates with relevant teams during breach investigation and remediation activities  

• Ensures proper documentation and reporting of data incidents.  

• Supports the broader governance team during security incidents with data protection implications.  

Other duties as assigned – 5% 

Supervision of Others: No direct reports 

• Bachelor's degree in law, information security, data management, or related field; master’s degree preferred. 

• 5+ years of experience in data protection, privacy, or compliance roles required. 

• Experience working within data governance frameworks required. 

• Certifications such as CIPP, CIPM, CIPT, or equivalent preferred 

• Experience with data protection in a similar industry 

• Experience with privacy-enhancing technologies and privacy by design principles 

• Experience building consensus across diverse stakeholder groups required. 

• Background in enterprise data governance or data management required. 

Skills/Knowledge/Abilities –  

• In-depth knowledge of data protection regulations and implementation practices 

• Demonstrated ability to work effectively in cross-functional teams. 

• Strong coordination and stakeholder management skills 

• Excellent communication skills with the ability to translate complex requirements into actionable guidance. 

• Knowledge of information security standards (ISO 27001, NIST) 

• Strong understanding of artificial intelligence principles and technologies 

Physical Requirements: (describe any physical demands of the job such as lifting, climbing, standing, stooping, etc.) 

Working Conditions:  

90% of time is spent in the office environment, utilizing computers (frequent use of various Microsoft software/programs), phones, and general office equipment. 10% of time is spent outside of the office visiting vendors’ and/or internal customers’ sites in additional to attending various conferences and meetings.  

Fiscal Responsibilities: Contributes to the DT Budget