Jobs · Legal

Senior Privacy & Security Counsel

GC AI · United States · 1 wk ago
RemoteRemoteLegal$170k–$225k/yrContract

About the role

You will own GC AI's privacy, data protection, and security compliance legal work, reporting to the General Counsel initially. You will be the go-to lawyer for everything from GDPR and CCPA compliance to SOC 2 and ISO certification programs, DPA negotiations, and AI governance. You will partner with the Privacy & Compliance team on operational execution, work alongside the commercial legal team on customer-facing data protection terms, and advise product and engineering on privacy-by-design.

At a company that builds legal AI, you will also be shaping how privacy and security counsel work gets done in the future.

The Impact You Will Have

Own GC AI's privacy and security legal posture across every regulatory framework that touches the business. Serve as the internal subject matter expert that product, engineering, sales, and the commercial legal team rely on for privacy and security guidance.

Directly enable enterprise deals by handling the DPA and security addendum negotiations that sophisticated customers require. Build and maintain the privacy and security playbook positions that scale with GC AI's growth.

Keep GC AI ahead of the regulatory curve on AI governance, international privacy frameworks, and emerging US state privacy laws.

What You Will Do

  • Own the legal framework for GC AI's SOC 2, ISO 27001, and ISO 42001 compliance programs, partnering with the GRC and Compliance team on operational execution.
  • Advises product and engineering on privacy-by-design, data protection impact assessments, and AI governance requirements.
  • Own GC AI's regulatory compliance posture for GDPR, CCPA/CPRA, EU AI Act, and emerging US state privacy laws.
  • Serve as the escalation point for complex DPA and security addendum negotiations, working alongside the commercial legal team.
  • Maintain and evolve GC AI's standard DPA, security addendum, and Information Security Addendum templates and playbook positions.
  • Support enterprise sales by joining security calls with sophisticated prospects and responding to detailed security and privacy inquiries.
  • Assist with managing relationships with external auditors and compliance vendors (e.g., SOC 2 auditors, penetration testing firms, privacy tooling providers).
  • Advise on incident response legal obligations, breach notification requirements, and customer communications.
  • Own the legal review of the Trust Center, security marketing claims, and subprocessor disclosures.
  • Provide guidance on cross-border data transfers, international privacy frameworks, and jurisdiction-specific data protection requirements.
  • Assist with other compliance projects (including entity compliance management).
  • Take on additional projects and tasks as needed in response to the evolving needs of a fast-growing startup.

Required Experience

  • JD and active bar membership in at least one US jurisdiction.
  • 5-10 years of privacy and security legal experience, with a meaningful portion in-house at a technology or SaaS company.
  • Deep working knowledge of GDPR, CCPA/CPRA, and the broader US and international data protection regulatory landscape.
  • Experience supporting sales processes at a B2B SaaS company, including security reviews, procurement questionnaires, and customer-facing calls.
  • Experience negotiating DPAs and data protection terms in a B2B SaaS context, including GDPR Article 28 processor obligations, standard contractual clauses, and cross-border transfer mechanisms.
  • Demonstrated ability to work independently, prioritize competing demands, and deliver under pressure.
  • Comfort working at startup pace with ambiguity, shifting priorities, and limited precedent.

Nice to Have

  • CIPP/US, CIPP/E, or similar privacy certification.
  • Experience with AI governance frameworks (EU AI Act, NIST AI RMF) or ISO 42001.
  • Hands-on experience supporting security compliance programs (SOC 2, ISO 27001, or similar), including policy drafting, audit support, and gap analysis.
  • Background in cybersecurity incident response or breach management.
  • Experience at a high-growth startup or scale-up company (Series B through pre-IPO).
  • Prior big law firm experience in privacy, data protection, or technology transactions.

Similar jobs

Senior Privacy Counsel

RingCentralUnited States· 1 wk ago
RemoteLegal$140k–$200k/yrapply on ringcentral.wd1.myworkdayjobs.com

Senior Privacy Counsel

Ares ManagementNew York, NY· 3 days ago
Legal$250k–$300k/yrapply on aresmgmt.wd1.myworkdayjobs.com

Senior Privacy Counsel

Ares ManagementLos Angeles, CA· 3 wk ago
Legal$250k–$300k/yrapply on aresmgmt.wd1.myworkdayjobs.com