GC AI Logo

GC AI

Senior Privacy & Security Commercial Counsel

Posted An Hour Ago
Be an Early Applicant
Remote
Hiring Remotely in United States
170K-225K Annually
Senior level
Remote
Hiring Remotely in United States
170K-225K Annually
Senior level
Lead GC AI's privacy, data protection, and security compliance legal work: own GDPR/CCPA/CPRA posture, manage SOC 2/ISO programs, negotiate DPAs and security addenda, advise product and engineering on privacy-by-design and AI governance, support enterprise sales on security reviews, and maintain privacy/security playbooks.
The summary above was generated by AI

GC AI is the fastest-growing and most trusted legal AI platform for in-house legal teams. We're building the future of legal work, and we're doing it fast. You'll join at a pivotal moment—when decisions matter, impact is immediate, and the runway to shape your career is wide open. We’re a high-performing team where you'll have real ownership and influence from day one.

 

More than 1,700 companies use GC AI to drive their business forward, including 150+ public companies, 25+ unicorns, and brands such as News Corp, Miro, Bass Pro Shops, Snyk, Skims, Liquid Death, Vercel, Zscaler, and TIME.

 

We've 10x'd revenue in 12 months, raised a $60 million Series B ($555 million valuation), and are growing faster than ever. We are backed by incredible investors, including Scale Venture Partners, Northzone, Sound Ventures, and Guillermo Rauch, CEO of Vercel.

 

If you thrive when the stakes are high and the path isn't paved, you'll love it here. Our six guiding principles are: 1% better every day, customer obsession, ship today, find a way, care deeply, and own it completely. Come shape the future of legal work with us.

About The Role

As Senior Privacy & Security Counsel, you will own GC AI's privacy, data protection, and security compliance legal work, reporting to the General Counsel initially. You will be the go-to lawyer for everything from GDPR and CCPA compliance to SOC 2 and ISO certification programs, DPA negotiations, and AI governance. You will partner with the Privacy & Compliance team on operational execution, work alongside the commercial legal team on customer-facing data protection terms, and advise product and engineering on privacy-by-design. At a company that builds legal AI, you will also be shaping how privacy and security counsel work gets done in the future.

The Impact You Will Have
  • Own GC AI's privacy and security legal posture across every regulatory framework that touches the business.

  • Serve as the internal subject matter expert that product, engineering, sales, and the commercial legal team rely on for privacy and security guidance.

  • Directly enable enterprise deals by handling the DPA and security addendum negotiations

    that sophisticated customers require.

  • Build and maintain the privacy and security playbook positions that scale with GC AI's growth.

  • Keep GC AI ahead of the regulatory curve on AI governance, international privacy

    frameworks, and emerging US state privacy laws.

What You Will Do
  • Own the legal framework for GC AI's SOC 2, ISO 27001, and ISO 42001 compliance

    programs, partnering with the GRC and Compliance team on operational execution.

  • Advise product and engineering on privacy-by-design, data protection impact assessments, and AI governance requirements.

  • Own GC AI's regulatory compliance posture for GDPR, CCPA/CPRA, EU AI Act, and emerging US state privacy laws.

  • Serve as the escalation point for complex DPA and security addendum negotiations, working alongside the commercial legal team.

  • Directly handle DPA and security addendum redlines for strategic and high-value customer deals.

  • Maintain and evolve GC AI's standard DPA, security addendum, and Information Security Addendum templates and playbook positions.

  • Support enterprise sales by joining security calls with sophisticated prospects and responding to detailed security and privacy inquiries.

  • Assist with managing relationships with external auditors and compliance vendors (e.g., SOC 2 auditors, penetration testing firms, privacy tooling providers).

  • Advise on incident response legal obligations, breach notification requirements, and customer communications.

  • Own the legal review of the Trust Center, security marketing claims, and subprocessor disclosures.

  • Provide guidance on cross-border data transfers, international privacy frameworks, and jurisdiction-specific data protection requirements.

  • Assist with other compliance projects (including entity compliance management)

  • Take on additional projects and tasks as needed in response to the evolving needs of a fast- growing startup.

Required Experience
  • JD and active bar membership in at least one US jurisdiction.

  • 5-10 years of privacy and security legal experience, with a meaningful portion in-house at a technology or SaaS company.

  • Deep working knowledge of GDPR, CCPA/CPRA, and the broader US and international data protection regulatory landscape.

  • Experience supporting sales processes at a B2B SaaS company, including security reviews, procurement questionnaires, and customer-facing calls.

  • Experience negotiating DPAs and data protection terms in a B2B SaaS context, including GDPR Article 28 processor obligations, standard contractual clauses, and cross-border transfer mechanisms.

  • Demonstrated ability to work independently, prioritize competing demands, and deliver under pressure.

  • Comfort working at startup pace with ambiguity, shifting priorities, and limited precedent.

Nice To Have
  • CIPP/US, CIPP/E, or similar privacy certification.

  • Experience with AI governance frameworks (EU AI Act, NIST AI RMF) or ISO 42001.

  • Hands-on experience supporting security compliance programs (SOC 2, ISO 27001, or similar), including policy drafting, audit support, and gap analysis.

  • Background in cybersecurity incident response or breach management.

  • Experience at a high-growth startup or scale-up company (Series B through pre-IPO).

  • Prior big law firm experience in privacy, data protection, or technology transactions

Location Policy

This is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Tuesdays, Wednesdays, and Thursdays.

 
Equal Opportunity Employment

GC AI is an equal opportunity employer that supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class. GC AI is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. #LI-GCAI

 
Fraud Notice to GC AI Applicants

To protect yourself against phishing and recruitment fraud, please note that GC AI only accepts job applications through our official careers page at https://gc.ai/careers and through sponsored jobs on LinkedIn. All legitimate communication from our team regarding job opportunities will come from a GC AI team member with a @gc.ai or @getgc.ai email address.

 

GC AI will never:

  • Refer you to external websites to apply

  • Conduct interviews over email, chat platforms, or messaging apps

  • Ask you to provide payment or purchase equipment

  • Request personal or financial information such as your mailing address, social security number, credit card numbers, or banking information during the application process

 

Examples of fraudulent email addresses:

 

If you are contacted by someone claiming to be from GC AI via an unofficial channel or from a suspicious email address, please do not share any information. Mark the communication as "phishing" or "spam" and do not respond.

Similar Jobs at GC AI

Yesterday
Remote
United States
Senior level
Senior level
Artificial Intelligence • Legal Tech
Own and harden core platform infrastructure on GCP, build and maintain CI/CD and IaC, unify logging and observability, enforce network and environment isolation, improve developer productivity and tooling, and help define platform engineering direction and culture.
Top Skills: Ci/CdDeployment PipelinesGoogle Cloud PlatformIamInfrastructure As CodeLoggingNetworkingObservabilityPulumiService AccountsTerraformTypescript
Yesterday
Remote
United States
165K-350K Annually
Senior level
165K-350K Annually
Senior level
Artificial Intelligence • Legal Tech
Design and implement complex, accessible front-end components and a reusable design system. Architect UI solutions, prototype interactions, mentor engineers, improve design-to-development workflows, and build performant, responsive interfaces and marketing pages for a legal AI platform.
Top Skills: CSSHTMLJavaScriptReactTypescript
2 Days Ago
Remote
United States
250K-300K Annually
Senior level
250K-300K Annually
Senior level
Artificial Intelligence • Legal Tech
As a Strategic Account Executive, you will lead enterprise sales of a legal AI platform, managing complex sales cycles and building relationships with key stakeholders.
Top Skills: HubspotSalesforce

What you need to know about the Chicago Tech Scene

With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.

Key Facts About Chicago Tech

  • Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
  • Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
  • Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
  • Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account