Senior Privacy & Security Commercial Counsel

GC AI

$130K — $180K *
US-AnywhereRemote in United States
Legal & Accounting
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • JD and bar membership in at least one US jurisdiction
  • 5-10 years of privacy and security legal experience, preferably in-house
  • Deep knowledge of GDPR, CCPA/CPRA, and international data protection laws
  • Experience supporting B2B SaaS sales processes and security reviews
  • Strong skills in negotiating DPAs and data protection terms
  • Ability to prioritize tasks independently in a fast-paced environment
  • Familiarity with startup culture and its challenges

Responsibilities

  • Own the legal framework for SOC 2, ISO 27001, and ISO 42001 compliance
  • Advise product and engineering teams on privacy-by-design principles
  • Manage regulatory compliance for GDPR, CCPA, and other privacy laws
  • Negotiate complex DPAs and security addendums alongside the commercial legal team
  • Maintain and evolve templates for DPA and information security
  • Support enterprise sales by addressing security inquiries during customer calls
  • Assist in managing relationships with external auditors for compliance

Benefits

  • Flexible remote work with occasional in-office days for local residents
  • Opportunity to shape how privacy and security counsel operates in an AI-driven context
  • Direct involvement in high-value customer negotiations
  • Growth potential within a dynamic startup environment
  • Collaboration with various teams, including engineering and sales
Full Job Description
About The Role

As Senior Privacy & Security Counsel, you will own GC AI's privacy, data protection, and security compliance legal work, reporting to the General Counsel initially. You will be the go-to lawyer for everything from GDPR and CCPA compliance to SOC 2 and ISO certification programs, DPA negotiations, and AI governance. You will partner with the Privacy & Compliance team on operational execution, work alongside the commercial legal team on customer-facing data protection terms, and advise product and engineering on privacy-by-design. At a company that builds legal AI, you will also be shaping how privacy and security counsel work gets done in the future.

The Impact You Will Have
  • Own GC AI's privacy and security legal posture across every regulatory framework that touches the business.
  • Serve as the internal subject matter expert that product, engineering, sales, and the commercial legal team rely on for privacy and security guidance.
  • Directly enable enterprise deals by handling the DPA and security addendum negotiations
    that sophisticated customers require.
  • Build and maintain the privacy and security playbook positions that scale with GC AI's growth.
  • Keep GC AI ahead of the regulatory curve on AI governance, international privacy
    frameworks, and emerging US state privacy laws.
What You Will Do
  • Own the legal framework for GC AI's SOC 2, ISO 27001, and ISO 42001 compliance
    programs, partnering with the GRC and Compliance team on operational execution.
  • Advise product and engineering on privacy-by-design, data protection impact assessments, and AI governance requirements.
  • Own GC AI's regulatory compliance posture for GDPR, CCPA/CPRA, EU AI Act, and emerging US state privacy laws.
  • Serve as the escalation point for complex DPA and security addendum negotiations, working alongside the commercial legal team.
  • Directly handle DPA and security addendum redlines for strategic and high-value customer deals.
  • Maintain and evolve GC AI's standard DPA, security addendum, and Information Security Addendum templates and playbook positions.
  • Support enterprise sales by joining security calls with sophisticated prospects and responding to detailed security and privacy inquiries.
  • Assist with managing relationships with external auditors and compliance vendors (e.g., SOC 2 auditors, penetration testing firms, privacy tooling providers).
  • Advise on incident response legal obligations, breach notification requirements, and customer communications.
  • Own the legal review of the Trust Center, security marketing claims, and subprocessor disclosures.
  • Provide guidance on cross-border data transfers, international privacy frameworks, and jurisdiction-specific data protection requirements.
  • Assist with other compliance projects (including entity compliance management)
  • Take on additional projects and tasks as needed in response to the evolving needs of a fast- growing startup.
Required Experience
  • JD and active bar membership in at least one US jurisdiction.
  • 5-10 years of privacy and security legal experience, with a meaningful portion in-house at a technology or SaaS company.
  • Deep working knowledge of GDPR, CCPA/CPRA, and the broader US and international data protection regulatory landscape.
  • Experience supporting sales processes at a B2B SaaS company, including security reviews, procurement questionnaires, and customer-facing calls.
  • Experience negotiating DPAs and data protection terms in a B2B SaaS context, including GDPR Article 28 processor obligations, standard contractual clauses, and cross-border transfer mechanisms.
  • Demonstrated ability to work independently, prioritize competing demands, and deliver under pressure.
  • Comfort working at startup pace with ambiguity, shifting priorities, and limited precedent.
Nice To Have
  • CIPP/US, CIPP/E, or similar privacy certification.
  • Experience with AI governance frameworks (EU AI Act, NIST AI RMF) or ISO 42001.
  • Hands-on experience supporting security compliance programs (SOC 2, ISO 27001, or similar), including policy drafting, audit support, and gap analysis.
  • Background in cybersecurity incident response or breach management.
  • Experience at a high-growth startup or scale-up company (Series B through pre-IPO).
  • Prior big law firm experience in privacy, data protection, or technology transactions


Location Policy

This is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Tuesdays, Wednesdays, and Thursdays.

Similar Jobs

More Jobs at GC AI

More Legal & Accounting Jobs

Find similar Senior Privacy & Security Commercial Counsel jobs: