GRC Analyst

Compliance | Full Time | Remote | Team 11-50 | H1B No Sponsor

Location

United States

Posted

38 days ago

Salary

$95K - $135K / year

Bachelor Degree | 3 yrs exp | English | Cloud | SDLC

Job Description

  • Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
  • Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
  • Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
  • Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
  • Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
  • Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
  • Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
  • Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.
  • Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

Job Requirements

  • 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
  • Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
  • Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.
  • Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
  • Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
  • Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
  • Ambition to build structure and systems from 0 to 1, and comfort in creating frameworks, templates, and playbooks that scale.
  • Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.
  • Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience).

Benefits

  • Competitive compensation with equity in a growing fintech company.
  • Remote-first culture with flexible working arrangements
  • Small team, big impact — your work directly supports Astra’s ability to scale responsibly
  • Professional growth opportunities in compliance and risk management
  • Mission-driven — build infrastructure that powers financial innovation while meeting the highest regulatory standards
