Why join us

Brex is reimagining financial systems so every growing company can realize their full potential. As the financial OS, we’re building software and services in one place—disrupting long-entrenched institutions with products and experiences that better serve the ambitions of our customers.

Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.

Engineering at Brex

The Engineering team includes Data, IT, Security, and Software, and is responsible for building innovative products and infrastructure for Brex and our customers. We believe that engineers should accelerate the business through technology, and collaborate across multiple teams to accomplish that. 

Teams are autonomous, value inclusivity, eager to learn, teach and constantly improve how things work. The software we build today is the foundation for dozens of Brex systems in the future, so engineers have a strong sense of ownership and accountability and take pride in their craft. 

What you’ll do

Building world-class financial services requires world-class security. As a Security Compliance and IT Governance Lead on the GRC team, you will drive high-impact cross-organization security, risk, compliance & privacy initiatives. You’d advocate for security and privacy across the company, lead and scale compliance efforts while being hands-on yourself and help execute on high-impact company-wide initiatives related to GRC. 

GRC’s mission is to instill trust in Brex from our customers, regulators, partners, and workforce in order to enable the company’s continued growth by maturing our security posture, maintaining compliance, optimizing security practices, and mitigating enterprise risk. We serve as the business side of Trust, and of Compliance as the what, Governance as the how, and Risk as the why, of Trust. GRC is part of the Trust team, which is part of the Engineering organization. Alongside GRC, Trust also includes Security Engineering and IT. 

Responsibilities

The GRC team handles a wide range of cross-functional activities from certification audits to vendor risk, security education, access control, policy, and many more. On the compliance front in particular, GRC is working concurrently on aligning to SOC 2, PCI, FINRA, Internal Audit readiness and risk assessments, and a number of other frameworks. 

Each of these ongoing parallel activities require control interpretation, effectiveness assessment, interviews, gap identification, evidence collection, recommendations & roadmapping, cross-functional buy-in for gap closure, remediation, control tracking/monitoring, etc. We are seeking a Security Compliance and IT Governance expert who would help us scale these components of our GRC program, including streamlining and automating where possible. We are seeking a colleague who strives to go above and beyond industry standards in every aspect of GRC. 

• Understand and interpret requirements across relevant frameworks, map overlapping standards
• Assess the effectiveness of internal controls; collect evidentiary artifacts and identify gaps
• Create and execute on remediation roadmaps, obtain cross-functional buy-in for gap closure, and monitor the continuous maintenance and evidence collection of effective controls
• Build strong and contextual IT governance procedures (such as charters, steering committees, and approval flows) that are commensurate to our maturity level
• Help secure workflows, products, and operations across the company by identifying risk areas, providing recommendations on security compliance and IT governance best practices and authoring respective policies and procedures around security, data governance, and risk
• Help build metrics to track opportunities for improvement and automate collection of security information

Requirements

• Deep understanding of compliance standards such as SOC 2, PCI, NIST, COBIT, ITIL, ISO 27001, GDPR, and willingness to learn others
• Proven track record of building and scaling successful compliance, security & risk assurance programs and methodologies
• Strong written and verbal communication skills, with a talent for precise and clear articulation of complex concepts
• Stitching many different services and processes together, even if you have not worked with them before

Bonus points

• Experience working in financial services such as a bank or fintech
• Experience working at a major auditing firm