Location

We are hiring for this role to be based in the United States or Canada. This is a remote role unless you fall within the following parameters. If you live within approximately 50 miles of our San Mateo, CA or Provo, UT office, the position follows a hybrid schedule with in-office days on Mondays, Wednesdays, and Fridays.

About The Role

As a Privacy & Compliance Specialist, you'll support GC AI's security questionnaire process and day-to-day privacy and compliance operations. You'll report to the Manager, Legal & Business Operations and work alongside the Security Engineering and Legal teams. Enterprise customers and prospects need to understand how we handle their data, and you'll help the team get them accurate answers quickly. You'll also assist with maintaining GC AI's compliance program as we scale. This is an entry-level role with close mentorship and supervision, ideal for someone early in their career who is organized, detail-oriented, and eager to build a foundation in privacy and compliance at a fast-growing AI company.

The Impact You Will Have

• Help keep security questionnaires and compliance reviews from becoming bottlenecks in the sales cycle.
• Contribute to building and maintaining the knowledge base that powers fast, consistent responses to customer security and privacy inquiries.
• Support GC AI's compliance posture through accurate record-keeping, documentation, and audit preparation.
• Serve as a reliable operational resource connecting Legal, Security Engineering, and go-to-market teams on privacy and compliance tasks.

What You'll Do

• Assist with the security questionnaire process: draft responses using existing templates and the centralized answer repository, coordinate with internal subject matter experts, and track deadlines.
• Help maintain and update the centralized repository of security questionnaire responses under the guidance of your manager.
• Support privacy and compliance program operations, including updating records of processing activities, data maps, and policy documentation.
• Assist with preparation for and maintenance of security certifications and frameworks (SOC 2, ISO 27001, etc.) by gathering evidence and organizing documentation.
• Track privacy and compliance regulatory developments flagged by the Legal team, and help keep internal tracking materials current.
• Coordinate with Security Engineering to collect technical inputs for questionnaire responses and compliance documentation.
• Support internal audits, vendor assessments, and third-party due diligence requests by compiling requested materials.
• Help maintain and update GC AI's privacy policies, cookie policies, and customer-facing compliance documentation as directed.
• Assist the Legal team with DPA-related tasks such as logging requests, tracking status, and organizing executed agreements.
• Take on additional projects and tasks as needed in response to the evolving needs of a fast-growing startup.

Required Experience

• Bachelor's degree.
• 0-2 years of professional experience (internships, co-ops, or part-time roles count).
• Strong organizational skills with the ability to track multiple tasks and deadlines with close attention to detail.
• Excellent written communication: you can write clearly, accurately, and concisely.
• High attention to detail and a low tolerance for errors.
• Comfort learning new software tools quickly (Google Workspace, Slack, project management tools).
• Genuine interest in privacy, data protection, information security, or compliance as a career path.
• A proactive attitude: you follow instructions carefully, ask good questions when something is unclear, and don't let tasks fall through the cracks.

Nice To Have

• 2-5 years of professional experience.
• Coursework, internship, or early career experience in privacy, compliance, information security, legal operations, or a related field.
• Exposure to security questionnaires, RFPs, or compliance assessments in any capacity.
• Familiarity with concepts like SOC 2, ISO 27001, GDPR, or CCPA (even from coursework or self-study).
• Privacy or security certification in progress or planned (CIPP/US, CIPP/E, CIPM, CompTIA Security+, or similar).
• Experience with tools like Vanta, Drata, OneTrust, or Whistic.
• Experience working in or interning at a SaaS, AI, or legal technology company.
• You are already a GC AI user.