Brex Inc

Senior GRC Lead

Brex Inc$153K — $192K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in GRC, IT Governance, or Security Engineering, focused on automating compliance workflows.
  • Deep familiarity with security frameworks like SOC 2, PCI DSS, ISO 27001, and NIST CSF in cloud environments.
  • Technical skills in Python or similar languages, building API integrations between security tools and GRC systems.
  • Experience designing automated control testing and continuous monitoring systems.
  • Strong ability to communicate complex compliance requirements to both technical and non-technical teams.
  • Systems thinking to create scalable GRC architectures that support long-term growth.
  • Self-motivated with a proactive approach to delivering solutions.

Responsibilities

  • Drive GRC processes to mitigate risks and ensure compliance.
  • Evolve Trust program through automation and integration of security tools and GRC platforms.
  • Implement controls and support audits for standards like SOC 2 and PCI DSS.
  • Design scalable workflows and dashboards for monitoring security metrics.
  • Translate compliance frameworks into actionable technical controls.

Benefits

  • Hybrid work environment with flexible remote work options.
  • Up to four weeks of fully remote work per year.
  • Collaborative culture with opportunities for innovation across teams.
Full Job Description
What you'll do

Brex's Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we're seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance - translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You'll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you'll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities
  • Manage and scale IT infrastructure, services and tooling
  • Work with a diverse group of IT partners to optimize our provided services
  • Implement new services in support of Information Technologies vision
  • Scale our services by implementing configuration as code via Terraform providers or APIs
  • Operationalize and upskill IT and its partners by producing documentation and leading training sessions
  • Evangelize best practices both internally and externally facing

Requirements
  • 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
  • Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
  • Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
  • Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
  • Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
  • Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
  • Bias for action.You're a self-starter who ships solutions quickly and iterates based on feedback.

Bonus points
  • Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
  • Hands-on experience with Tines or other SOAR platforms to automate security operations.
  • Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
  • Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
  • Relevant industry certifications such as CISSP, CISA, or CCSP.
  • Experience building metrics dashboards for security visualization and reporting.
  • Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate's location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

About Brex Inc

Brex is a financial services company that offers credit cards and cash management accounts to technology companies. Brex was founded in 2017 by Henrique Dubugras and Pedro Franceschi. The company is headquartered in San Francisco, California. Brex offers a credit card designed specifically for startups, which does not require a personal guarantee or deposit. The company also offers a cash management account that allows businesses to manage their finances in one place. Brex has raised over $300 million in funding from investors including Y Combinator, Peter Thiel, and Max Levchin.
Learn more about Brex Inc
Size
500 employees
Industry
Founded
2017

Similar Jobs

More Jobs at Brex Inc

More Finance & Insurance Jobs

Find similar Senior GRC Lead jobs: