Brex
Senior
Senior GRC Lead at Brex — turning compliance frameworks into automated controls
Brex is hiring a Senior GRC Lead to sit at the intersection of security, engineering, and compliance, automating SOC 2/PCI DSS/ISO 27001 controls and building integrations between security tools and GRC platforms. This interview probes hands-on Python/API automation skill combined with deep audit and framework knowledge, not just policy-writing.
Step into this interview
Free · a live voice mock calibrated to this exact role
What this interview tests
- Automating security/compliance controls (Python + APIs) rather than manual evidence collection
- Working knowledge of SOC 2, PCI DSS, ISO 27001, NIST CSF in cloud-native environments
- Building integrations between security tools and GRC platforms
- Designing continuous monitoring and automated control testing
- Cross-functional translation of compliance requirements into engineering specs
- AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act) awareness
Common question themes
Walk me through a manual compliance process you automated — what was the before/after
How would you design a continuous control-monitoring system for a cloud-native SOC 2 program
Tell me about a time you had to translate a regulatory requirement into a technical spec for engineers
How do you prioritize across simultaneous audits (SOC 2, PCI DSS, SOX/ITGC) with limited engineering bandwidth
Describe an integration you built between a security tool and a GRC/compliance platform
How would you approach securing or governing an agentic AI system under emerging frameworks