GRC Analyst

Astra
Remote - US Only
Posted 27 March 2026

Job Description

ABOUT ASTRA

Astra is building mission-critical infrastructure for moving money at scale. Our platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems. We provide APIs and automation tools that enable businesses to move money programmatically while maintaining strict regulatory requirements.

THE ROLE

As Astra’s first dedicated GRC Analyst, you will be at the center of how we build trust, scale responsibly, and operate with regulatory excellence. This is more than a traditional compliance role – it’s an opportunity to design the governance, risk, and compliance foundation that enables Astra to grow quickly while meeting the expectations of banks, enterprise customers, auditors, and regulators.

You’ll own the full spectrum of GRC execution: driving SOC 1, SOC 2, PCI DSS, and ISO 27001 programs end-to-end, translating regulatory requirements into practical technical controls, building high-quality documentation and evidence, and helping teams embed security and compliance into everyday operations. You’ll partner closely with engineering and infrastructure teams to ensure controls are real, automated where possible, and aligned with how the platform actually runs.

Because this is an early hire on the compliance team, you’ll have direct input into how Astra structures its audit programs, risk management processes, vendor due diligence workflows, and compliance tooling. You’ll collaborate with leaders across engineering, product, operations, and leadership to build scalable systems that reduce friction while increasing assurance and visibility.

This role is perfect for someone who enjoys rolling up their sleeves to execute today while also designing durable systems for tomorrow – someone who sees compliance not as a checkbox exercise, but as a strategic advantage for building trusted financial infrastructure.
WHAT YOU’LL DO

- Audit Execution & Readiness: Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
- Control Design & Documentation: Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
- Cross-Framework Mapping: Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
- Risk Management: Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
- Engineering Partnership: Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
- Vendor Risk Management: Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
- Customer Trust & Due Diligence: Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
- Continuous Compliance: Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.
- Metrics & Reporting: Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

WHAT WE’RE LOOKING FOR

Required Experience

- 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
- Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
- Strong working knowledge of comp ... (truncated, view full listing at source)