All interviews

Brex

Senior

Senior GRC Lead at Brex — turning compliance frameworks into automated controls

Brex is hiring a Senior GRC Lead to sit at the intersection of security, engineering, and compliance, automating SOC 2/PCI DSS/ISO 27001 controls and building integrations between security tools and GRC platforms. This interview probes hands-on Python/API automation skill combined with deep audit and framework knowledge, not just policy-writing.

Step into this interview

Free · a live voice mock calibrated to this exact role

Practice this interview

What this interview tests

  • Automating security/compliance controls (Python + APIs) rather than manual evidence collection
  • Working knowledge of SOC 2, PCI DSS, ISO 27001, NIST CSF in cloud-native environments
  • Building integrations between security tools and GRC platforms
  • Designing continuous monitoring and automated control testing
  • Cross-functional translation of compliance requirements into engineering specs
  • AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act) awareness

Common question themes

Walk me through a manual compliance process you automated — what was the before/after

How would you design a continuous control-monitoring system for a cloud-native SOC 2 program

Tell me about a time you had to translate a regulatory requirement into a technical spec for engineers

How do you prioritize across simultaneous audits (SOC 2, PCI DSS, SOX/ITGC) with limited engineering bandwidth

Describe an integration you built between a security tool and a GRC/compliance platform

How would you approach securing or governing an agentic AI system under emerging frameworks

View the original posting