Scaling Trust as a Growth Strategy: Eileen Filmus on Brex’s GRC Evolution with Drata and SafeBase
Challenge
- Manual, repetitive evidence collection drained team resources
- One-off customer assurance requests and lengthy document exchanges slowed the sales cycle
- Limited visibility into compliance gaps created inefficiency and risk
- Need to manage multiple frameworks at scale (SOC 1, SOC 2, ISO 27001, NIST, GDPR)
“We didn’t want people doing manual or redundant tasks. We wanted them focused on strategy and on building a culture of trust that could scale.”
Solution
- Adopted Drata for continuous monitoring and tests, evidence collection automation, vendor management, and internal audit workflows
- Implemented SafeBase by Drata as a dynamic, public-facing Trust Center for customer assurance
- Integrated both platforms to unify internal GRC visibility with external trust transparency
- Enabled scalable, automated compliance monitoring and streamlined customer communications
“SafeBase by Drata made it easy to provide the right level of transparency to which we’ve committed from the beginning of Brex and it evolves with us.”
Impact Highlights
3x productivity increase Brex’s Gap Monitoring and Remediation process achieved a 2.6x productivity increase by expanding automated monitoring controls, enabling faster and more predictable remediation sequencing
5x faster internal audit process Drata’s continuous monitoring revealed compliance gaps faster, improving audit readiness and proactive risk mitigation.
Trust-Influenced Revenue The team established trust-influenced revenue as a measurable metric, connecting trust initiatives directly to business growth.
Background
Brex is the intelligent finance platform for modern businesses combining global corporate cards, expense management, banking, bill pay, and travel in one place.
Operating in the fast-moving fintech space, Brex is trusted by thousands of customers to handle sensitive financial data every day. That trust depends on demonstrating airtight security, privacy, and compliance.
As Brex expanded globally, the company’s security and compliance needs multiplied in complexity. Frameworks such as SOC 1, SOC 2, ISO 27001, NIST, and GDPR required precise evidence collection and constant monitoring across teams. Manual processes like spreadsheets and email threads quickly became barriers to scalability.
At the same time, customer demand for transparency was rising. Prospective clients wanted quick, secure access to Brex’s policies, certifications, and controls, but providing that information manually slowed both the Trust team and the sales process.
Under Eileen Filmus’s leadership, Brex’s Trust organization evolved from a compliance function into a strategic pillar supporting company growth and customer confidence. Her goal was to build a trust-first culture that could scale operationally while strengthening the company’s reputation as a transparent and secure fintech partner.
“If customers don’t trust us, we have no business. Trust is core to who we are.”
Implementation Journey: Confident, Collaborative, and Fast
The transition from Brex’s legacy GRC tool to Drata was, in Eileen’s words, “really, really smooth.” She described a collaborative onboarding process built around a series of working sessions where the Drata team quickly understood Brex’s pain points and offered guidance shaped by their experience with similar challenges. “They cared about how we’d use and grow alongside the tool long-term, not just about implementation,” she noted. This approach made the migration both efficient and low-lift for Brex. One standout moment was how quickly their vendor-management repository came online — a part of the program Eileen expected to take significantly longer given its complexity but was “up and running a lot faster than expected.”
Driving Productivity and Scale with Automation
Before Drata, compliance preparation required repetitive, manual work that took valuable time away from strategic projects. Evidence requests and control validations were spread across spreadsheets, screenshots, and Slack threads.
By automating control monitoring, evidence collection, and framework management, Drata enabled Brex to scale its GRC program without scaling headcount. Continuous monitoring provided visibility across frameworks like SOC 2 and ISO 27001, ensuring real-time assurance for internal stakeholders and auditors, even with an extremely lean team.
The automation didn’t just improve speed; it changed the team’s role. Instead of spending cycles chasing documents, the Trust team could focus on higher-value risk management and strategic enablement.
“I’ve been lucky to see the growth of the members of my team. They can leave busy work behind and focus on strategic initiatives that move the needle for our business.”
This shift also created measurable cultural impact. Brex’s GRC team is viewed as a strategic business partner, contributing directly to the company’s agility and reputation for reliability.
Enhancing Governance and Transparency
Brex’s customers, many in highly regulated industries, often request visibility into the company’s controls, policies, and certifications. Previously, this meant lengthy exchanges of static PDFs and one-off security questionnaires.
By integrating Drata and SafeBase, Brex created a single, connected system that unified internal assurance with external transparency. This ecosystem allows customers to self-serve, accessing up-to-date certifications and security documentation while the Brex team maintains complete control over access and updates.
“Our GRC and Trust Assurance workflow lets us hold ourselves to the same standards we expect of our vendors. That accountability goes both ways.”
The integration transformed customer assurance into a proactive, continuous process, strengthening trust, reducing friction, and shortening the security review cycle.
Accelerating Business Growth
Eileen Filmus and her team have redefined trust as a measurable business function, what they call “Trust GTM Enablement.” By quantifying how customer assurance and security transparency influence deal velocity and renewal rates, the Trust team positioned itself as a revenue enabler, not a cost center.
“Our role has expanded beyond compliance. We’re helping shape how Brex builds and sustains customer confidence at scale.”
Drata’s automation and SafeBase’s proactive visibility made this possible. With manual work eliminated and data centralized, the team can now demonstrate how every control, certification, and security conversation contributes to customer retention and acquisition. “We can tie due diligence impact directly to deals, understanding trust not as a cost center but a contributor to enabling the business.” Eileen said of their program now.
This approach has elevated trust to an enterprise-level KPI, influencing go-to-market strategy and helping Brex win with confidence.
What Drata Unlocked for the GRC Team
- Unified visibility across compliance frameworks and vendor risk
- Automated evidence collection and control monitoring to reduce manual lift
- Streamlined vendor management repository with faster onboarding
- Integrated SafeBase Trust Center for real-time customer transparency
- Strategic focus on scaling trust as a business growth function
“Drata and SafeBase have helped Brex honor our commitment to trust and articulate our security posture in the most efficient way.”
Future Outlook
Brex continues to scale its Trust operations through automation and AI innovation. With Drata’s AI Questionnaire Assistant (AIQA), the team automates RFP and security questionnaire responses, further reducing friction and freeing time for proactive risk mitigation.
For Eileen and her team, the vision is clear: Trust isn’t just a foundation; it’s a growth strategy driving Brex’s future.
“Now we can spend time where it really matters, mitigating risks and scaling trust.”
Latest Stories
Chart Your Course
Navigate to new worlds of trust with Drata.
Chart Your Course
Navigate to new worlds of trust with Drata.