GC AI logo
GC AI

GC AI is the legal AI platform built for in-house teams that solves the workflows in-house lawyers and legal professionals face every day. With powerful tools like Easy Prompt and Exact Quote, you can be the legal hero your team needs with faster and more accurate drafting, reviewing, researching, and redlining. GC AI is built for in-house legal work, gets to know you and your company over time, uses 5 large language models under the hood, and is private, secure and compliant. GC AI is SOC 2 Type II certified, built with enterprise-grade security, and never uses your confidential data for training. Founded by a three-time General Counsel and former Morrison & Foerster litigator, GC AI is trusted by over 500 legal teams worldwide, including Webflow, CDW, Vercel, Liquid Death, Kenneth Cole, Eventbrite, SurveyMonkey, Tipalti, and other high-growth global brands. See the difference that becoming an AI-powered lawyer can make. Try it free or get a demo at gc.ai.

Senior Privacy & Security Commercial Counsel

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 11-50Since 2023

Location

United States

Posted

3 days ago

Salary

$170K - $225K / year

Seniority

Senior

English

Job Description

Senior Privacy & Security Commercial Counsel

GC AI

GC AI is the fastest-growing and most trusted legal AI platform for in-house legal teams. We're building the future of legal work, and we're doing it fast. You'll join at a pivotal moment—when decisions matter, impact is immediate, and the runway to shape your career is wide open. We’re a high-performing team where you'll have real ownership and influence from day one. More than 1,700 companies use GC AI to drive their business forward, including 150+ public companies, 25+ unicorns, and brands such as News Corp, Miro, Bass Pro Shops, Snyk, Skims, Liquid Death, Vercel, Zscaler, and TIME. We've 10x'd revenue in 12 months, raised a $60 million Series B ($555 million valuation), and are growing faster than ever. We are backed by incredible investors, including Scale Venture Partners, Northzone, Sound Ventures, and Guillermo Rauch, CEO of Vercel. If you thrive when the stakes are high and the path isn't paved, you'll love it here. Our six guiding principles are: 1% better every day, customer obsession, ship today, find a way, care deeply, and own it completely. Come shape the future of legal work with us. About The RoleAs Senior Privacy & Security Counsel, you will own GC AI's privacy, data protection, and security compliance legal work, reporting to the General Counsel initially. You will be the go-to lawyer for everything from GDPR and CCPA compliance to SOC 2 and ISO certification programs, DPA negotiations, and AI governance. You will partner with the Privacy & Compliance team on operational execution, work alongside the commercial legal team on customer-facing data protection terms, and advise product and engineering on privacy-by-design. At a company that builds legal AI, you will also be shaping how privacy and security counsel work gets done in the future. The Impact You Will Have - Own GC AI's privacy and security legal posture across every regulatory framework that touches the business. - Serve as the internal subject matter expert that product, engineering, sales, and the commercial legal team rely on for privacy and security guidance. - Directly enable enterprise deals by handling the DPA and security addendum negotiations that sophisticated customers require. - Build and maintain the privacy and security playbook positions that scale with GC AI's growth. - Keep GC AI ahead of the regulatory curve on AI governance, international privacy frameworks, and emerging US state privacy laws. What You Will Do - Own the legal framework for GC AI's SOC 2, ISO 27001, and ISO 42001 compliance programs, partnering with the GRC and Compliance team on operational execution. - Advise product and engineering on privacy-by-design, data protection impact assessments, and AI governance requirements. - Own GC AI's regulatory compliance posture for GDPR, CCPA/CPRA, EU AI Act, and emerging US state privacy laws. - Serve as the escalation point for complex DPA and security addendum negotiations, working alongside the commercial legal team. - Directly handle DPA and security addendum redlines for strategic and high-value customer deals. - Maintain and evolve GC AI's standard DPA, security addendum, and Information Security Addendum templates and playbook positions. - Support enterprise sales by joining security calls with sophisticated prospects and responding to detailed security and privacy inquiries. - Assist with managing relationships with external auditors and compliance vendors (e.g., SOC 2 auditors, penetration testing firms, privacy tooling providers). - Advise on incident response legal obligations, breach notification requirements, and customer communications. - Own the legal review of the Trust Center, security marketing claims, and subprocessor disclosures. - Provide guidance on cross-border data transfers, international privacy frameworks, and jurisdiction-specific data protection requirements. - Assist with other compliance projects (including entity compliance management) - Take on additional projects and tasks as needed in response to the evolving needs of a fast- growing startup. Required Experience - JD and active bar membership in at least one US jurisdiction. - 5-10 years of privacy and security legal experience, with a meaningful portion in-house at a technology or SaaS company. - Deep working knowledge of GDPR, CCPA/CPRA, and the broader US and international data protection regulatory landscape. - Experience supporting sales processes at a B2B SaaS company, including security reviews, procurement questionnaires, and customer-facing calls. - Experience negotiating DPAs and data protection terms in a B2B SaaS context, including GDPR Article 28 processor obligations, standard contractual clauses, and cross-border transfer mechanisms. - Demonstrated ability to work independently, prioritize competing demands, and deliver under pressure. - Comfort working at startup pace with ambiguity, shifting priorities, and limited precedent. Nice To Have - CIPP/US, CIPP/E, or similar privacy certification. - Experience with AI governance frameworks (EU AI Act, NIST AI RMF) or ISO 42001. - Hands-on experience supporting security compliance programs (SOC 2, ISO 27001, or similar), including policy drafting, audit support, and gap analysis. - Background in cybersecurity incident response or breach management. - Experience at a high-growth startup or scale-up company (Series B through pre-IPO). - Prior big law firm experience in privacy, data protection, or technology transactions Location PolicyThis is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Tuesdays, Wednesdays, and Thursdays. Equal Opportunity EmploymentGC AI is an equal opportunity employer that supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class. GC AI is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. #LI-GCAI Fraud Notice to GC AI ApplicantsTo protect yourself against phishing and recruitment fraud, please note that GC AI only accepts job applications through our official careers page at https://gc.ai/careers and through sponsored jobs on LinkedIn. All legitimate communication from our team regarding job opportunities will come from a GC AI team member with a @gc.ai or @getgc.ai email address. GC AI will never: - Refer you to external websites to apply - Conduct interviews over email, chat platforms, or messaging apps - Ask you to provide payment or purchase equipment - Request personal or financial information such as your mailing address, social security number, credit card numbers, or banking information during the application process Examples of fraudulent email addresses: - info.gcai.careers.com@gmail.com - info.gc.aicareers.online.com@gmail.com - Any email address ending in @gmail.com, @yahoo.com, or other free email services If you are contacted by someone claiming to be from GC AI via an unofficial channel or from a suspicious email address, please do not share any information. Mark the communication as "phishing" or "spam" and do not respond.

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 1,001-5,000Since 2002H1B No Sponsor

• Lead technical Red Team initiatives, adversary simulations, offensive testing, and control validation. • Support the definition of methodology, scope, rules of engagement, and prioritization of offensive exercises. • Conduct or guide simulations based on tactics, techniques, and procedures (TTPs) of real threats. • Identify weaknesses in identity, infrastructure, applications, networks, cloud, and operational processes. • Produce mitigation recommendations with technical clarity, risk-based prioritization, and practical guidance. • Correlate offensive findings with Blue Team, CSIRT, IAM, AppSec, architecture, and governance. • Support the development of indicators for exposure, resilience, and control effectiveness.

Brazil
First Citizens Bank logo

Principal Cyber Security Engineer - Network Security Operations

First Citizens Bank

First Citizens Bank offers a full line of financial services and focuses on individuals, as well as small to medium-sized businesses. As an employer, the compan

Role Description This position ensures the technological and digital security of the Bank at an advanced level of ability and technical expertise. Responsible for Network Security Engineering aspect of multiple Information Security platform technologies, including but not limited to; Firewall, Proxy, Remote Access, and WAF. Participate in cross-training with other team members to ensure team has functional knowledge across all Security platforms we support. - Mitigates exposure to cyber threats, security risks, and unauthorized access. - Assesses organization networks, applications, or systems for potential vulnerabilities. - Protects assets and information through a variety of methods, resolving security issues or incidents as they arise. - Maintains a strong knowledge of industry practices, technology, and evolving threats to enhance defenses for the Bank's information systems and resources. - Provide guidance to less experienced associates in the work group. Qualifications - Bachelor's Degree and 8 years of experience in Systems Engineering, Network, or Information Security OR High School Diploma or GED and 12 years of experience in Systems Engineering, Network, or Information Security. - Knowledge of data security practices, procedures, monitoring and alert tools, and risk management standards. - Knowledge of Firewall Policy Flow, Proxy Administration, Active Directory, Domain Name System, Security Management concepts and solution design. - Ability to clearly communicate risks, threats, and vulnerabilities and proposed implementation plan to mitigate/remediate. Requirements - Technical Security – Facilitates operation of Network Security designs for new and existing solutions. - Performs hardware and software lifecycle support for a range of security tools that secure assigned technical areas and data. - Perform operational support including incident management, processing of change requests, and provide troubleshooting assistance to internal and external customers. - Queue triage and management – Review, Triage, and coordinate response to incidents and tickets assigned to the group. - On-call support – Participate in on-call rotation requiring night and weekend support and availability. - Analysis - Identifies and evaluates potential threats or vulnerabilities in the Bank's networks, applications, or systems. - Compiles data from external or internal sources. - Performs data gathering and review processes on as needed basis. - Security Expertise - Maintains a current knowledge of technology, emerging threats, and security trends within the assigned technical area. - Provides guidance on appropriate security protocols. - Participates in special projects as a technical and security resource. - May assist with training on trends, threats, and applicable technologies. - Issue Resolution - Investigates and resolves network security infrastructure support incidents which may include network, routing, access control, configuration anomalies, and other risks. - Serves as escalation point for Security Operations teams. - Escalates as appropriate. - Business Planning - May assist in the development of security policies, standards, and strategies. Benefits - The base pay for this position is generally between $149,000 and $200,000. - Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. - For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment. - Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. - More information can be found at First Citizens Bank Benefits .

United States
$149K - $200K / year

Cyber Security Lead

Sprezzatura Management Consulting

Sprezzatura Management Consulting is working toward its vision to deliver “best-in-class” consulting, professional, and IT services. As an employer, the com

Role Description We are seeking a Cyber Security Lead to join our team. In this role, you will provide strategic leadership for the programs cybersecurity initiatives while overseeing day-to-day security operations, compliance, risk management, and team performance. This role serves as the primary cybersecurity advisor to program leadership, ensuring the security posture aligns with federal requirements, operational objectives, and industry best practices. The ideal candidate is an experienced leader who can translate cybersecurity strategy into operational execution while building and developing a high-performing team. Responsibilities - Strategic Cybersecurity Leadership - Serve as the primary cybersecurity liaison for internal leadership, technical teams, customers, and external stakeholders. - Define and execute the cybersecurity strategy, vision, priorities, and roadmap in alignment with organizational goals and federal security requirements. - Partner with program leadership, engineering teams, and product owners to integrate cybersecurity into program planning and delivery. - Foster a proactive security culture by promoting security awareness and collaboration across the organization. - Cybersecurity Operations - Lead the daily operations of the cybersecurity team, ensuring efficient execution of security activities and operational priorities. - Manage workload distribution, establish priorities, and monitor team performance to ensure timely, high-quality deliverables. - Recruit, onboard, mentor, and develop cybersecurity professionals while fostering a collaborative, high-performing team environment. - Conduct performance management, coaching, and career development to build organizational capability and support long-term growth. - Security Compliance, Risk Management & Governance - Ensure compliance with applicable federal cybersecurity requirements, including NIST, FISMA, Authorization to Operate (ATO), VA policies, and other regulatory frameworks. - Lead security assessments, risk analyses, threat modeling activities, and control evaluations to identify and mitigate organizational risk. - Develop, maintain, and continuously improve cybersecurity policies, standard operating procedures (SOPs), incident response plans, and governance documentation. - Oversee the tracking, validation, and documentation of corrective actions to ensure timely risk mitigation and audit readiness. - Vulnerability Management & Security Operations - Direct enterprise vulnerability management activities, including identification, prioritization, remediation coordination, and validation of security findings. - Collaborate with technical teams to ensure vulnerabilities are remediated within established service-level objectives and compliance timelines. - Monitor the effectiveness of security controls and operational processes, identifying opportunities to strengthen the organization's cybersecurity posture. - Drive continuous process improvement through operational efficiencies, automation, and implementation of security best practices. - Performance Reporting & Continuous Improvement - Establish and maintain cybersecurity metrics, dashboards, and key performance indicators (KPIs) to measure program effectiveness. - Prepare executive-level reports and briefings that communicate cybersecurity posture, operational performance, compliance status, and emerging risks. - Analyze operational trends to identify improvement opportunities and recommend strategic initiatives that enhance cybersecurity maturity. - Champion continuous improvement by evaluating new technologies, optimizing processes, and supporting ongoing analyst training and professional development. Qualifications - Must be able to obtain and maintain the appropriate VA background investigation and PIV credential required to perform the role. - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field (or equivalent combination of education and experience) and additional relevant experience may be substituted for education in accordance with contract guidelines. - Minimum of 5–8 years of progressive cybersecurity experience, including leadership or supervisory responsibilities. - Demonstrated experience implementing and managing cybersecurity programs aligned with NIST, FISMA, and ATO requirements. - Demonstrated ability to communicate effectively with technical teams, stakeholders, and leadership, including presenting cyber status, risks, and recommendations. - Strong leadership, communication, and stakeholder management skills with the ability to engage technical and executive audiences. - Experience developing policies, procedures, operational playbooks, and executive reporting. - Demonstrated ability to coordinate across cross-functional teams and drive alignment on security priorities and execution. Requirements - Professional cybersecurity certifications such as CISSP, CISM, Security +, or equivalent. Benefits - Medical, Dental, and Vision. - Health Saving Account (when enrolled in eligible plan) with Company contribution. - Company paid Life, Accidental Death, Short-term & Long-term Disability. - Voluntary Accident, Hospital Indemnity, & Critical Care Insurance. - Voluntary Medical & Dependent Care Flexible Spending Accounts. - Accrued Paid Time Off & Company Paid Holidays. - 401(k) Retirement Plan with Company match.

United States
$120K - $140K / year
EVOTEK logo

Director, Security Solutions – Pre-Sales Engineering

EVOTEK

Today’s Emerging Technology will be Tomorrow’s Competitive Advantage

Full TimeRemoteTeam 51-200H1B No Sponsor

• Oversee and manage the Security Solutions Engineering Team. • Provide thought-leadership, solution sales account planning, and technical pre-sales leadership for internal sales teams. • Lead a team of Solutions Engineers for the Security Practice. • Directly manage Security Solutions Engineers and Architects. • Responsible for interviewing, hiring and training employees; planning, assigning, and directing work; appraising performance, rewarding and disciplining employees; addressing complaints and resolving problems. • Lead go-to-market strategy, planning and execution for the Security Practice. • Drive execution of technical go-to-market plan with field sales. • Drive discovery and execution of cross-function solutions to advance our customer’s next generation programs. • Drive cross-functional education and execution across different technology disciplines. • Provide expertise and input to solution development process. • Create solution plays consisting of engineering led solutions that educate field sales on areas of expertise. • Maintain required technical certification requirements for key partners. • Ensure Solutions Architects and Engineers are managing opportunities and proactively driving to closure. • Demonstrate and actively promote an understanding and commitment to the mission of the company.

California
$200K - $240K / year