Compliance Manager, Privacy & Accessibility

Compliance at Brex
The Compliance team helps the company grow responsibly, advocating for Brex and for the tens of thousands of growing businesses we serve. We own the compliance policies for Brex, provide strategic advice and guidance to all Brex teams, protect Brex from financial crime and other compliance risks, and represent the company externally on key regulatory and policy issues. Reimagining the financial system in a highly regulated environment requires creativity and resourcefulness, and we welcome the challenge.

What you’ll do
As a Compliance Manager at Brex, you will play a critical role in ensuring compliance with regulatory requirements and internal policies regarding data privacy and AI usage. The Compliance Manager, Privacy & Accessibility role will be responsible for developing, implementing, and maintaining a robust privacy program to ensure the organization's compliance with all applicable data privacy laws and regulations, including but not limited to GDPR, CCPA, and other global privacy requirements. This role will serve as the subject matter expert on privacy matters and will work cross-functionally to embed privacy by design principles into all business processes. The role will report directly to Brex’s Global Chief Compliance Officer. 

Where you'll work

This role will be based in our Sao Paulo office. You must be willing to work in office at least 2 days per week on Wednesday and Thursday, starting the week of September 1st, 2025, when we open our Sao Paulo office. Employees will be able to work remotely for up to 4 weeks per year.

Responsibilities 

Develop and Implement Privacy Programs:

• Establish and maintain a comprehensive privacy framework aligned with relevant laws and regulations.
• Work cross-functionally with IT, Info Security, Legal, and other departments to develop and implement privacy policies, procedures, and standards and ensure privacy compliance.
• Conduct privacy impact assessments (PIAs) and data protection impact assessments (DPIAs).
• Manage and maintain records of data processing activities.

• Monitor and assess the organization's compliance with privacy laws and regulations.
• Manage audits related to WCAG standards and digital accessibility, working with Engineering, Product, and Design teams to remediate and address findings.
• Partner with internal and external auditors to conduct regular internal audits and reviews to identify and mitigate privacy risks.
• Manage and respond to data subject requests (DSARs).
• Oversee ongoing third-party vendor privacy compliance, in partnership with Brex’s Info Sec/GRC function
• Develop and deliver privacy training programs for employees and contractors and promote a culture of privacy awareness throughout the organization.
• Investigate and respond to data breaches and privacy incidents.
• Stay up-to-date on changes to privacy laws and regulations.
• Advise senior management on privacy risks and compliance requirements.
• Interact with regulatory bodies and external auditors as needed
• Work with Legal counsel to maintain compliance.

Requirements

• 5+ years of working experience with data privacy issues, preferably in financial institutions or technology and fintech companies
• Exceptional judgment and integrity, ability to handle complex matters independently, and product-minded approach to compliance
• Strong knowledge of global privacy laws and regulations, including GDPR, CCPA, GLBA, and others.
• Experience conducting PIAs and DPIAs.
• Experience managing data subject requests (DSARs).
• Excellent communication, interpersonal, and presentation skills.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of a team.  
• Relevant certifications (e.g., CIPP, CIPM, CIPT) are highly desirable.
• Experience in incident response and breach notification.
• Experience managing vendor privacy compliance.
• Detail-oriented, accurate, organized, and able to set priorities
• Ability to multi-task and adapt to shifting priorities in a fast-paced environment

Preferred Qualifications:

• Experience with international data transfer mechanisms.
• Working knowledge of AI compliance frameworks

*Applications, including resumes, must be submitted in English in order to be considered for the role