About this role
We are looking for a highly skilled and experienced Data Protection Manager to join our team. This role will be responsible for overseeing our Cybersecurity and Data Protection strategy and ensuring compliance with GDPR and other relevant Cybersecurity and Data Protection laws in Germany and France. The ideal candidate will have a strong understanding of data protection regulations and cybersecurity practices.
RESPONSIBILITIES AND FUNCTIONS
- Responsibilities of the role include, but are not limited to, understanding and delivering the requirements of local regulatory and global data protection and cybersecurity initiatives, risk management, third-party assurance, disaster recovery and vulnerability management.
- Develop and implement cybersecurity and data protection policies and procedures to ensure compliance with GDPR, Cybersecurity policies and local cyber and data protection laws in Germany and France.
- Conduct regular Cybersecurity and Data Protection audits and assessments to identify and mitigate risks.
- Identify and classify all personal data processing activities, ensuring that the processing register is always up to date, classify processing according to risk, applying the corporate risk methodology assessment tool.
- Ensure there is a data controller for each of the processing and that the required data protection requirements and controls are identified and implemented.
- Take the role identified in the incident response procedure when there is a data or cyber breach.
- Serve as the primary point of contact for data protection subjects in Germany and France.
- Ensure any request received from cybersecurity and data protection authorities or data subjects are processed in time and form, as established by each country legislation and by internal rules.
- Provide expert advice and guidance on data protection and cybersecurity matters to internal stakeholders.
- Monitor and report on data protection and cybersecurity compliance and performance.
- Conduct data protection impact assessments (DPIAs) and ensure appropriate measures are in place to protect personal data.
- Train and educate employees on data protection and cybersecurity best practices and compliance requirements.
PROFILE/REQUIREMENTS
- Bachelor's degree in Law, Information Security, Cybersecurity, or a related field.
- Minimum of 5 years of experience in data protection, cybersecurity, or a related field.
- In-depth knowledge of GDPR and local data protection laws in Germany and France.
- Knowledge and awareness of security standards including ISO 27000 series and ISA/IEC 62443 series.
- Knowledge and awareness of the NIS 2 Regulations and equivalent European legislation.
- Experience in managing data protection and cyber security audits and collecting evidence to demonstrate compliance with reviewed requirements such as GDPR, ISO27001, among others.
- Experience and understanding of technical due diligence.
- Significant experience in engineering industry.
DESIRABLE SKILLS
- Certified Information Privacy Professional/Europe (CIPP/E) or equivalent certification is preferred.
- Industry recognised qualifications such CISA, CISM, CISSP or any SANS certifications.
- Languages: Proficiency in German and/or French is highly desirable. Other useful languages: Spanish.
WHAT WE OFFER
- Global leader in green energy: Actively contribute to the energy transition.
- Career development: Diverse training opportunities and long-term growth prospects.
- Language courses: German, English, and Spanish.
- Mobility: Subsidy for the Germany Ticket (BVG).
- Employee discounts: Attractive offers from partners in retail, travel, and more.
- Compensation: Performance-based salary that values your contribution.
Mobility Information
Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.
Job Posting End Date:
January-31-2026Other facts
About Iberdrola
Avangrid, Inc. is a leading energy company in the United States working to meet the growing demand for energy for homes and businesses across the nation through service, innovation, and continued investments by expanding grid infrastructure and energy generation projects. Avangrid has offices in Connecticut, New York, Massachusetts, Maine, and Oregon, including operations in 23 states with approximately $48 billion in assets, and has two primary lines of business: networks and power. Through its networks business, Avangrid owns and operates eight electric and natural gas utilities, serving more than 3.4 million customers in New York and New England. Through its power generation business, Avangrid owns and operates 80 energy generation facilities across the United States producing 10.5 GW of power for over 3.1 million customers. Avangrid employs approximately 8,000 people and has been recognized by JUST Capital as one of the JUST 100 companies – a ranking of America’s best corporate citizens – in 2025 for the fifth consecutive year. The company was named among the World’s Most Ethical Companies in 2025 for the seventh consecutive year by the Ethisphere Institute. Avangrid is a member of the group of companies controlled by Iberdrola, S.A.
What you'll do
- Oversee the Cybersecurity and Data Protection strategy, ensuring compliance with GDPR and local laws. Conduct audits and assessments to identify and mitigate risks while providing expert advice to stakeholders.
Ready to join Iberdrola?
Take the next step in your career journey