astra

astra - GRC Program Manager

Remote - USA · $95k - $135k + Equity · 3w ago

Tags: Remote · Mid · NA · Banking · Fintech · Program Manager · Auditor · Documentation · Risk Management · Program Management · Governance · Risk Assessment


Requirements

• 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
• Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
• Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.
• Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
• Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
• Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
• Ambition to build structure and systems from 0 to 1, and comfort in creating frameworks, templates, and playbooks that scale.
• Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.
• Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience).
• Fintech / Payments: Experience operating in regulated environments involving payments, banking partners, PCI, or financial audits.
• ISO 27001: Experience supporting certification or operating within an ISO-aligned ISMS.
• Automation & Tooling: Experience implementing compliance tooling, evidence automation, or GRC platforms.
• Vendor Risk Programs: Hands-on ownership of third-party risk management workflows.
• Startup Environment: Experience building or scaling compliance programs in high-growth companies.
• Audit Operations: Scoping, walkthroughs, evidence management, remediation tracking, auditor coordination.
• Control Design: Ability to translate regulatory requirements into clear, testable, and scalable controls.
• Risk Assessment: Experience performing system, vendor, and operational risk assessments with structured methodologies.
• Technical Fluency: Working understanding of cloud infrastructure, identity and access management, logging, monitoring, SDLC, and security tooling.
• Documentation & Writing: Strong ability to produce clear policies, procedures, narratives, and evidence artifacts.
• Project Management: Ability to manage multiple parallel audits, initiatives, and stakeholders while maintaining quality and deadlines.
• Communication: Ability to explain complex compliance concepts clearly to engineers, auditors, leadership, and external partners.
• Operational Rigor: Highly organized with strong attention to detail and follow-through.

Responsibilities

• Audit Execution & Readiness: Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
• Control Design & Documentation: Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
• Cross-Framework Mapping: Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
• Risk Management: Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
• Engineering Partnership: Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
• Vendor Risk Management: Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
• Customer Trust & Due Diligence: Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
• Continuous Compliance: Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.
• Metrics & Reporting: Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

Benefits

Trust is foundational to everything Astra builds. Our customers, bank partners, and regulators depend on the strength of our control environment, operational discipline, and risk management practices.

As a GRC Program Manager, your work will directly:
• Enable Astra to scale responsibly while maintaining strong audit outcomes and regulatory credibility.
• Reduce friction for engineering and product teams by building clear, pragmatic compliance processes.
• Support enterprise sales and partnerships by strengthening customer trust and security posture.
• Improve operational maturity through automation, documentation quality, and continuous improvement.

This role is not just about passing audits – it’s about building durable infrastructure that allows Astra to grow faster and more confidently.

• Competitive compensation with equity in a growing fintech company.
• Remote-first culture with flexible working arrangements.
• Small team, big impact — your work directly supports Astra’s ability to scale responsibly.
• Professional growth opportunities in compliance and risk management.
• Mission-driven — build infrastructure that powers financial innovation while meeting the highest regulatory standards.
