Senior GRC Lead

Brex
Seattle, WA
Hybrid

About The Position

Brex is seeking a Senior GRC Engineer to drive critical GRC processes that mitigate risk, ensure compliance, and build trust with customers and partners. This role involves evolving the technical foundation of the Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes for efficient compliance as Brex expands. The position operates at the intersection of security, engineering, and compliance, translating regulatory requirements into technical solutions and building automation to eliminate manual tasks.

The Senior GRC Engineer will leverage expertise in SOC 2, PCI DSS, ISO 27001, and AI governance frameworks to design controls for emerging requirements and mature existing programs through automation and continuous monitoring. This role will support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Collaboration with Engineering, Infrastructure, and Product teams is key to translating compliance frameworks into technical controls and building automated systems for world-class security.

Contributions will directly accelerate Brex's maturity by designing workflows, building integrations, creating dashboards for security metrics, implementing controls, supporting audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contributing to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act). The role offers autonomy to build innovative solutions and communicate technical concepts effectively across the organization.

Requirements

  • 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
  • Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
  • Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems.
  • Ability to read code, design integrations, and understand technical implementations.
  • Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics.
  • Exceptional cross-functional collaboration and communication skills. Ability to translate complex compliance requirements into technical specifications that engineering teams can implement, and to influence stakeholders across technical and non-technical domains.
  • Strong systems thinking. Ability to design scalable GRC architectures that grow with the company.
  • Bias for action. Self-starter who ships solutions quickly and iterates based on feedback.

Nice To Haves

  • Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
  • Hands-on experience with Tines or other SOAR platforms to automate security operations.
  • Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
  • Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
  • Relevant industry certifications such as CISSP, CISA, or CCSP.
  • Experience building metrics dashboards for security visualization and reporting.
  • Active contributions to the GRC or Security community through open-source projects or public research.

Responsibilities

  • Manage and scale IT infrastructure, services and tooling
  • Work with a diverse group of IT partners to optimize our provided services
  • Implement new services in support of Information Technologies vision
  • Scale our services by implementing configuration as code via Terraform providers or APIs
  • Operationalize and upskill IT and its partners by producing documentation and leading training sessions
  • Evangelize best practices both internally and externally

Benefits

  • Equity and other forms of compensation may be provided as part of a total compensation package.