Customer Trust Specialist

Legora Legora · Vertical AI · New York, NY · Security

This role focuses on customer trust, security, privacy, and compliance for an AI-native legal tech platform. The specialist will handle customer inquiries, security questionnaires (including AI sections), and audits, ensuring the company's AI governance posture is clearly communicated to clients. The role involves mastering the product, managing the trust portal, reviewing contractual terms, and driving improvements in response automation and processes. It requires translating technical AI controls into customer-friendly language and collaborating with internal teams like Information Security, Privacy, and Legal.

What you'd actually do

  1. Own customer trust requests end-to-end: security questionnaires (SIG, CAIQ, and bespoke), DDQs, and the security and AI sections of RFPs — delivering high-quality responses against agreed SLAs in time-sensitive sales and renewal cycles.
  2. Answer the AI-trust questions buyers now ask: questions on training-data handling and retention, model-provider subprocessors, data residency, and our EU AI Act, ISO/IEC 42001, and NIST AI RMF posture — coordinating with Privacy and Legal counsel on anything touching privilege or client confidentiality.
  3. Communicate with expertise: translate Legora's security, privacy, and AI-governance posture into clear, confident answers for customer CISOs, GCs, and procurement teams.
  4. Master the product and controls: develop deep expertise in Legora's platform, its security and compliance controls, and its AI supply chain, so you can resolve complex trust questions with sound judgment.
  5. Run the trust portal and evidence repository: keep the portal, SOC 2 / ISO reports, penetration-test summaries, DPAs, subprocessor and model-provider lists, and AI-governance documentation current, accurate, and self-serve.

Skills

Required

  • 3–5 years in customer trust, security GRC, security assurance, third-party risk, or a closely related customer-facing security or compliance role.
  • Owned complex, high-stakes B2B relationships with demanding security, procurement, and legal stakeholders
  • Translate technical security and AI-governance controls into clear, customer-ready answers
  • Notice patterns, anticipate objections before they escalate, and collaborate cross-functionally to drive lasting improvements.
  • Customer-obsessed, organized, and detail-oriented under deadline pressure.
  • Technically curious and comfortable learning new software, security concepts, and AI and compliance frameworks quickly.

Nice to have

  • Familiarity with SOC 2, ISO 27001, GDPR, and NIST, plus DPAs and subprocessor management.
  • Exposure to AI governance and assurance: EU AI Act, ISO/IEC 42001, NIST AI RMF, model-training and data-retention questions, and AI-subprocessor disclosure.
  • Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Implementer / Lead Auditor.
  • Experience with trust and GRC tooling such as Vanta, Drata, SafeBase, OneTrust, Conveyor, or Loopio.
  • A working understanding of cloud security and data-handling fundamentals — access, encryption, and data residency.
  • Background in SaaS, AI, or legal tech environments.

What the JD emphasized

  • AI sections of RFPs
  • AI-trust questions
  • AI-governance posture
  • AI supply chain
  • AI-assisted drafting