Senior GRC Lead

### Senior GRC Lead#### San Francisco, California, United States Senior GRC Lead
** Why join us
** Brex is the AI-powered spend platform. We help companies spend with confidence with integrated corporate cards, banking, and global payments, plus intuitive software for travel and expenses. Tens of thousands of companies from startups to enterprises — including Door Dash, Flexport, and Compass — use Brex to proactively control spend, reduce costs, and increase efficiency on a global scale.

Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
** Engineering
* * Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.
** What you’ll do
** Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets.

You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.
** Where you’ll work
** This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of two coordinated days in the office per week, Wednesday and Thursday. Starting February 2, 2026, we will require three days per week in office - Monday, Wednesday and Thursday.

As a perk, we also have up to four weeks per year of fully remote work!
** Responsibilities
* ** Manage and scale IT infrastructure, services and tooling
* Work with a diverse group of  IT partners to optimize our provided services
* Implement new services in support of Information Technologies vision
* Scale our services by implementing configuration as code via Terraform providers or APIs
* Operationalize and upskill IT…