Job Description
Location: North West (hybrid working available)
The Opportunity
An established and operationally complex organisation is seeking a Legal & Data Protection Manager to provide practical, commercially focused legal and compliance support across a wide range of business activities.
This is a hands‑on role combining commercial contracts, governance and data protection, offering real autonomy, visibility and stakeholder exposure. The successful candidate will act as a trusted internal adviser, embedding legal, contractual and GDPR best practice into day‑to‑day decision‑making.
Key Responsibilities
* Provide clear, pragmatic legal and compliance advice to procurement, projects and operational teams.
* Draft, review, amend and negotiate a broad range of commercial, supplier, framework and construction‑related contracts.
* Advise on risk allocation, liabilities and contractual disputes, including supplier challenges and claims.
* Support governance frameworks and ensure policies and processes remain legally compliant and up to date.
* Embed UK GDPR requirements into commercial and operational activities.
* Manage the full lifecycle of Data Subject Access Requests (DSARs).
* Lead Data Protection Impact Assessments (DPIAs) and identify proportionate mitigation strategies.
* Oversee data breach investigations, documentation and remediation actions.
* Maintain privacy documentation including privacy notices, policies and retention schedules.
* Liaise with external advisers, suppliers, contractors and public‑sector stakeholders where required.
* Line manage a Legal & Compliance Support Officer and contribute to data protection training across the business.
About You
You will be an experienced legal or compliance professional with a strong commercial mindset and the ability to balance legal risk with operational realities.
Key requirements include:
* Proven experience drafting and negotiating commercial contracts (exposure to construction contracts is desirable).
* Sound knowledge of compliance, governance and regulatory interpretation.
* Hands‑on experience delivering GDPR processes (DSARs, DPIAs, breach management and privacy documentation).
* Ability to communicate complex legal issues clearly to non‑legal stakeholders.
* Strong organisational skills with the confidence to manage competing priorities.
* Comfortable working autonomously within an in‑house environment.
Desirable but not essential:
* Experience with NEC and/or JCT contract forms.
* Data protection qualifications (e.g. CIPP/E, CIPM).
* Formal legal qualification (experience is valued over title).
Why Apply?
* Competitive salary of £55k-£60k
* Superb benefits package, including a final salary pension
* Broad, integrated legal role covering contracts, compliance and data protection
* High visibility and influence across a large, operational organisation
* Opportunity to shape governance and compliance frameworks
* Hybrid working and long‑term stability