AI Data Protection Architect

About The Position

Requirements

• Deep expertise in data protection and privacy-by-design principles.
• Strong understanding of privacy regulations and standards: GDPR, Quebec Law 25, PIPEDA, ISO/IEC 27701
• Ability to design enterprise data protection architectures across: Applications, Databases, Cloud platforms, Data lakes and analytics environments
• Expertise in data classification, data mapping, and records of processing activities (RoPA).
• Strong knowledge of data security controls: Encryption (at rest, in transit, and in use), Key management systems (KMS, HSM), Tokenization, anonymization, and pseudonymization, Data Loss Prevention (DLP)
• Experience architecting identity and access controls for sensitive data: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Privileged Access Management (PAM)
• Ability to design data retention, archiving, and secure data destruction strategies.
• Familiarity with cloud-native data protection and governance tools: Azure Purview / Microsoft Purview, AWS Macie, Google Cloud DLP
• Experience integrating privacy and data protection into: DLC and DevSecOps pipelines, Data engineering and analytics workflows
• Ability to assess privacy risks in AI, machine learning, and large-scale data processing systems.
• Strong understanding of logging, monitoring, auditability, and evidence collection.
• Experience with privacy management and GRC platforms: OneTrust, TrustArc, ServiceNow GRC

Nice To Haves

• CIPP/E, CIPP/C, CIPM, ISO/IEC 27701 Lead Implementer / Lead Auditor, CDPSE, CISSP (an asset)

Responsibilities

• Define and maintain enterprise privacy-by-design and privacy-by-default architectures.
• Architect data protection controls across applications, infrastructure, cloud, and data platforms.
• Establish standards for data classification, handling, retention, archiving, and secure destruction.
• Ensure consistent application of data protection controls across on-premise, cloud, and hybrid environments.
• Architect privacy governance frameworks aligned with GDPR, Quebec Law 25, PIPEDA, and ISO/IEC 27701.
• Define control baselines, assurance mechanisms, and compliance monitoring models.
• Support executive decision-making related to privacy risk, compliance posture, and regulatory exposure.
• Collaborate with legal, internal audit, and GRC teams to ensure regulatory alignment.
• Architect encryption, key management, and secrets management strategies.
• Define data loss prevention (DLP) architectures and monitoring mechanisms.
• Ensure strong access controls and segregation of duties for sensitive data.
• Lead privacy risk assessments for complex systems, cloud platforms, AI solutions, and analytics environments.
• Architect solutions for data discovery, data mapping, and records of processing activities (RoPA).
• Ensure privacy requirements are integrated into SDLC, DevSecOps, and data engineering pipelines.
• Support privacy requirements for AI, machine learning, and advanced analytics use cases.
• Ensure auditability, traceability, and accountability of data usage.
• Define architectures for secure data sharing with third parties and vendors.
• Establish data protection requirements for outsourcing, SaaS, and cloud providers.
• Architect controls for cross-border data transfers and data residency requirements.
• Support design of data breach detection, response, and notification processes.
• Act as senior advisor during privacy incidents and regulatory reporting.
• Ensure evidence collection and documentation meet regulatory expectations.
• Act as the senior subject matter expert for data protection and privacy architecture.
• Mentor privacy analysts, GRC professionals, and security architects.
• Communicate privacy risks, architectural decisions, and mitigation strategies to executives and boards.
• Represent the organization with regulators, auditors, and external stakeholders when required.

Benefits

• 4 weeks of cumulative vacation starting from day one
• Flexible working hours
• Professional Development Allowance (PDA) for training, computer equipment, and physical activities
• Training tailored to your areas of expertise
• Registered Retirement Savings Plan (RRSP) with employer contribution up to 3% of gross salary
• Modular group insurance plan
• Public transportation or parking reimbursement when required
• Referral bonuses
• 11 statutory holidays
• Personal days
• An active social life (5to7 events, social club, healthy snacks, coffee, and more)