Governance Risk and Compliance, Intern
Brex
Why join us
Brex is the AI-powered spend platform. We help companies spend with confidence with integrated corporate cards, banking, and global payments, plus intuitive software for travel and expenses. Tens of thousands of companies from startups to enterprises — including DoorDash, Flexport, and Compass — use Brex to proactively control spend, reduce costs, and increase efficiency on a global scale.
Working at Brex allows you to push your limits, challenge the status quo, and collaborate with some of the brightest minds in the industry. We’re committed to building a diverse team and inclusive culture and believe your potential should only be limited by how big you can dream. We make this a reality by empowering you with the tools, resources, and support you need to grow your career.
Engineering at Brex
Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.
What you’ll do
Building world-class financial services requires world-class security. As a GRC Intern on the Trust team, you will work on high-impact cross-organization governance, risk, and compliance initiatives. You’d advocate for security across the company and scale Trust efforts while executing hands-on yourself.
GRC’s mission is to instill trust in Brex from our customers, regulators, partners, and workforce in order to enable the company’s continued growth by maturing our security posture, maintaining compliance, optimizing security practices, and mitigating enterprise risk. We serve as the business side of Trust, and think of Compliance as the what, Governance as the how, and Risk as the why of Trust.
Where you'll work
This role will be based in our São Paulo office. You must be willing to work in office at least 2 days per week on Wednesday and Thursday.
Responsibilities
The GRC team handles a wide range of cross-functional activities from security compliance certifications and audits to risk management, vendor reviews, inbound due diligence, security education, access control, policy and procedures, and many more. Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy. We always strive to go above and beyond industry standards in every aspect of GRC while keeping a balance with supporting the business’s goals. GRC is responsible for key programs that allow us to pass our audit requirements and underpin our risk management mandate. Each of these requires strategic thinking and operational execution.
As a GRC intern, you will get hands-on experience in the Trust field by developing your skills across numerous impactful operational tasks, in turn contributing to the strategy and evolving maturity of our Trust posture.
- Work under the guidance of seasoned GRC experts and gain exposure to a range of cross-functional programs and processes, both technical and business-centric.
- Conduct third-party risk due diligence activities, namely identifying and assessing risks associated with existing and new vendor relationships prior to procurement and periodically thereafter, continuously monitoring for any relevant changes to the risk level or engagement scope. Where findings are identified during assessments, you would ensure plans of action and check-ins are in place.
- Other Operational GRC Tasks
  - GTM Enablement support
  - Tooling access requests
  - Contractor request reviews
  - Travel security request reviews
  - Security compliance evidence collection
  - Triaging of questions and requests for the GRC team (and learning to provide risk advisory over time!)
  - Policy review and revision
Requirements
- Diligence and attention to detail in both process and content, strong written and verbal communication skills, with a talent for precise and clear articulation of complex concepts
- Proven track record of cross-functional collaboration
- An aptitude for representing the needs of your team, other stakeholders, and the overall business
- Ability to work in a fast-paced environment and address difficult situations in a professional manner
- Strong interpersonal skills and comfortable working across various functions
- Being innovative and providing “outside of the box” solutions
- Passion for having an owner’s mentality towards responsibilities
- Find opportunities for operational efficiency via AI and automation
Bonus points:
- Experience at technology, security, or risk focused companies
- Fluency with other GRC operational work and security support tasks such as policy revision, audit preparation and evidence collection, process design and improvement, customer/prospect/partner assurance, etc.
- Experience working in or with startups, especially during periods of hypergrowth
- Knowledge of fundamental security concepts and domains, in order to both assess the vendor’s security practices and also to define and document requirements on how we should safely use their products and/or services to mitigate relevant threats and how the implementation of a vendor may impact the security posture of the current environment
Please be aware, job-seekers may be at risk of targeting by malicious actors looking for personal data. Brex recruiters will only reach out via LinkedIn or email with a brex.com domain. Any outreach claiming to be from Brex via other sources should be ignored.