Skip to content
BrexBrexSeattle, WA

Senior GRC Lead

Senior GRC Engineer at Brex automating compliance workflows, building security tool integrations and GRC automations, implementing controls for frameworks like SOC 2/PCI/ISO, and supporting audits while translating regulatory needs into technical solutions. Requires 5+ years GRC/security engineering experience, Python/API skills, and a builder mindset for scalable automation.

154k – 192k/yr
Hybrid5+ YOESecurity Engineering

About the role

Responsibilities

  • Drive critical GRC processes that mitigate risk, maintain compliance, and build trust with customers and partners.
  • Evolve the technical foundation of the Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes.
  • Translate regulatory requirements into technical solutions and build automation that eliminates manual toil.
  • Leverage understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks to design controls for emerging requirements and mature existing programs through automation and continuous monitoring.
  • Support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives.
  • Work with Engineering, Infrastructure, and Product teams to translate compliance frameworks into technical controls and build automated systems.
  • Design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics.
  • Implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).
  • Collaborate cross-functionally to implement controls that enable growth while communicating technical concepts effectively.

Requirements

  • 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
  • Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
  • Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. Ability to read code, design integrations, and understand technical implementations.
  • Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics.
  • Exceptional cross-functional collaboration and communication skills. Ability to translate complex compliance requirements into technical specifications and influence stakeholders.
  • Strong systems thinking to design scalable GRC architectures.
  • Bias for action; self-starter who ships solutions quickly and iterates based on feedback.

Nice-to-Haves

  • Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
  • Hands-on experience with Tines or other SOAR platforms to automate security operations.
  • Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
  • Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
  • Relevant industry certifications such as CISSP, CISA, or CCSP.
  • Experience building metrics dashboards for security visualization and reporting.
  • Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. The starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Skills

GRCSOC 2Pci DssISO 27001Nist CsfPythonAPIsTinesSoarAWSGCPTerraformCisspCisaCcsp
Square

Senior Security Engineer, Security Engineering & Operations

SquareSan Francisco, CA

Design and build scalable cloud-native security data pipelines and detection systems. Collaborate on detection engineering and Kubernetes security controls while participating in on-call rotations.

153k – 270k/yr
On-site5+ YOESecurity Engineering
1Password

Senior Security Engineer, GRC Automation

1PasswordUnited States

Senior Security Engineer focused on GRC automation: building AI-assisted workflows, Drata integrations, and compliance automation infrastructure for SOC 2, ISO 27001, and NIST frameworks.

153k – 214k/yr
Remote5+ YOESecurity Engineering
1Password

Senior Developer, Product Security

1PasswordUnited States

Senior security-focused developer implementing new security features and secure libraries for iOS and hybrid apps at 1Password. Requires 5+ years of security development experience, 3+ years with iOS and Rust.

153k – 214k/yr
Remote5+ YOESecurity Engineering
Censys

Senior Security Research Scientist

CensysSan Francisco, CA +3

Conducts internet-wide security research using scan data to identify trends, vulnerabilities, and threats. Analyzes large datasets with tools like BigQuery and Snowflake, partners with engineering teams, and shares insights publicly. Requires deep knowledge of internet protocols.

153k – 212k/yr
RemoteSecurity Engineering
1Password

Senior Developer (Windows), Product Security

1PasswordUnited States

Senior Developer builds Windows security features using Rust and other languages, develops secure libraries, resolves vulnerabilities, and leads secure coding practices. Requires 4+ years experience in Windows security development and cryptography.

153k – 214k/yr
Remote4+ YOESecurity Engineering