Astra · Legal & HR · 6h ago

GRC Program Manager

United States
Full-time
$95K – $135K

Job Description

About Astra

Astra is building mission-critical infrastructure for moving money at scale. Our platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems. We provide APIs and automation tools that enable businesses to move money programmatically while maintaining strict regulatory requirements.

The Role

As Astra’s first dedicated GRC Program Manager, you will be at the center of how we build trust, scale responsibly, and operate with regulatory excellence. This is more than a traditional compliance role – it’s an opportunity to design the governance, risk, and compliance foundation that enables Astra to grow quickly while meeting the expectations of banks, enterprise customers, auditors, and regulators.

Responsibilities

  • Audit Execution & Readiness: Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
  • Control Design & Documentation: Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
  • Cross-Framework Mapping: Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
  • Risk Management: Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
  • Engineering Partnership: Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
  • Vendor Risk Management: Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
  • Customer Trust & Due Diligence: Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
  • Continuous Compliance: Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.
  • Metrics & Reporting: Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

Requirements

  • 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
  • Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
  • Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.
  • Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
  • Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
  • Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
  • Ambition to build structure and systems from 0 to 1, and comfort in creating frameworks, templates, and playbooks that scale.
  • Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.

Education

Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience).

Preferred Experience

  • Fintech / Payments: Experience operating in regulated environments involving payments, banking partners, PCI, or financial audits.
  • ISO 27001: Experience supporting certification or operating within an ISO-aligned ISMS.
  • Automation & Tooling: Experience implementing compliance tooling, evidence automation, or GRC platforms.
  • Vendor Risk Programs: Hands-on ownership of third-party risk management workflows.
  • Startup Environment: Experience building or scaling compliance programs in high-growth companies.
