4 Days in office hybrid
Role Summary
We are seeking a mid-level English law qualified solicitor to join the Commercial, Technology & Data Legal Team.
The role will support the business across a broad range of commercial contracting, technology and data protection matters, with increasing exposure to AI governance and data driven initiatives and will work closely with the UK Data Protection Officer (DPO) supporting UK Data Protection Office work.
This is a hands-on, business facing role, suited to a solicitor who is comfortable managing matters independently with appropriate supervision, while contributing collaboratively within a growing specialist legal team.
Solicitor, Commercial Contracts and Data Protection
Summary of the key objectives and primary goals:
1. Commercial Contracting
Provision of legal advice, guidance and support to, and identification and analysis of legal and commercial issues for, principally the support units within the SG London perimeter and also the business units in relation to legal matters which fall outside of the remit of the BU support lawyers and other Group function teams. In particular to support UK Sourcing in relation to the review, drafting and negotiation of all outsourcing and commercial contracts, and the development of relevant template contracts, legal updates, training and self-help guides where appropriate.
To deliver the above objectives, the role will be responsible for:
- Drafting, reviewing and negotiating a range of commercial contracts, including:
- General commercial supplier and customer agreements
- Professional services and consultancy agreements
- Framework agreements, statements of work and amendments
- Managing contracts across the low to high value spectrum, applying a risk‑based and proportionate approach.
- Providing clear, commercially pragmatic advice to business stakeholders.
2. Technology & IT Contracts
- Advise on and negotiate technology‑related agreements, including:
- Software and SaaS agreements
- IT services and technology‑enabled commercial arrangements
- Identify and manage legal risk relating to technology, outsourcing and digital service delivery.
3. Data Protection & Privacy
- Support the UK DPO in delivering the organisation’s data protection and privacy compliance framework, including:
- Drafting and negotiating data processing and data sharing agreements, and data protection provisions of commercial contracts
- Advising on controller/processor roles and allocation of responsibilities
- Responding to DSARs, assisting with regulatory enquiries and internal data protection initiatives.
- Assisting with the investigation, assessment, and maintenance of a log of personal data breaches
- Assisting to maintain data processing records for SG UK entities (DPRs)
- Assisting BU and SU stakeholders to complete Data Protection Impact Assessments
- Supporting international data transfer arrangements (e.g. IDTAs, TRAs)
- Assisting with Group reporting and data protection risk assessments, such as RAMOS and DataGo
- Helping monitor compliance with internal data protection policies and procedures, including helping to develop and deliver training to internal stakeholders.
- Draft template legal documentation, policies, procedures and guidance notes relating to Data Protection.
- Track regulatory and guidance developments relevant to data protection and summarise key points for the Team.
4. AI Governance & Emerging Technologies
- Support legal oversight of AI and data‑driven technologies, including:
o Contractual considerations relating to use of AI tools and systems
o Allocation of risk for AI outputs and data usage
o Supporting implementation of internal AI governance and acceptable use frameworks
- Monitor relevant legal and regulatory developments and support internal guidance.