Senior GRC Lead
Brexit Overview
Brex is the intelligent finance platform that enables companies to spend smarter and move faster in more than 200 markets. By combining global corporate cards and banking with intuitive spend management, bill pay, and travel software, Brex enables founders and finance teams to accelerate operations, gain real-time visibility, and control spend effortlessly. Brex’s AI-native automation and world-class service eliminate manual expense and accounting tasks for customers so they can focus on what matters most.
Engineering
Brex’s Engineering team is dedicated to building systems that scale with speed and intention. They span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. They tackle hard technical problems, own their outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.
What You’ll Do
- Manage and scale IT infrastructure, services and tooling
- Work with a diverse group of IT partners to optimize our provided services
- Implement new services in support of Information Technologies vision
- Operationalize and upskill IT and its partners by producing documentation and leading training sessions
- Evangelize best practices both internally and externally facing
Responsibilities
- Manage and scale IT infrastructure, services and tooling
- Work with a diverse group of IT partners to optimize our provided services
- Implement new services in support of Information Technologies vision
- Operationalize and upskill IT and its partners by producing documentation and leading training sessions
- Evangelize best practices both internally and externally facing
Requirements
- 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows
- Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments
- Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations
- Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them
- Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains
- Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit
- Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback
Bonus Points
- Previous experience in Fintech or banking environments navigating complex regulatory landscapes
- Hands-on experience with Tines or other SOAR platforms to automate security operations
- Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems
- Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices
- Experience building metrics dashboards for security visualization and reporting
- Active contributions to the GRC or Security community through open-source projects or public research
Compensation
The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.