# GRC Program Manager
**Company:** [Astra](https://hotfix.jobs/companies/astra)
**Location:** Remote
**Salary:** $95K-$135K
**Experience:** 3+ years
**Skills:** SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, GRC Platforms, Cloud Infrastructure, SDLC, Identity and Access Management, Logging, Monitoring, Risk Assessment, Vendor Risk Management, Audit Management, Control Design
**Posted:** 2026-04-03
> Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.
## Job Description
## What You’ll Do

### Audit Execution & Readiness
- Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.

### Control Design & Documentation
- Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.

### Cross-Framework Mapping
- Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.

### Risk Management
- Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.

### Engineering Partnership
- Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.

### Vendor Risk Management
- Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.

### Customer Trust & Due Diligence
- Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.

### Continuous Compliance
- Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.

### Metrics & Reporting
- Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

## What We’re Looking For

### Required Experience
- 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
- Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
- Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.
- Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
- Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
- Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
- Ambition to build structure and systems from 0 to 1, and comfort creating frameworks, templates, and playbooks that scale.
- Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.

### Education
- Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or a related field (or equivalent practical experience).

### Preferred Experience
- Fintech / Payments: Experience operating in regulated environments involving payments, banking partners, PCI, or financial audits.
- ISO 27001: Experience supporting certification or operating within an ISO-aligned ISMS.
- Automation & Tooling: Experience implementing compliance tooling, evidence automation, or GRC platforms.
- Vendor Risk Programs: Hands-on ownership of third-party risk management workflows.
- Startup Environment: Experience building or scaling compliance programs in high-growth companies.

### Key Skills
- **Audit Operations**: Scoping, walkthroughs, evidence management, remediation tracking, auditor coordination.
- **Control Design**: Ability to translate regulatory requirements into clear, testable, and scalable controls.
- **Risk Assessment**: Experience performing system, vendor, and operational risk assessments with structured methodologies.
- **Technical Fluency**: Working understanding of cloud infrastructure, identity and access management, logging, monitoring, SDLC, and security tooling.
- **Documentation & Writing**: Strong ability to produce clear policies, procedures, narratives, and evidence artifacts.
- **Project Management**: Ability to manage multiple parallel audits, initiatives, and stakeholders while maintaining quality and deadlines.
- **Communication**: Ability to explain complex compliance concepts clearly to engineers, auditors, leadership, and external partners.
- **Operational Rigor**: Highly organized with strong attention to detail and follow-through.

## What We Offer
- Competitive compensation with equity in a growing fintech company.
- Remote-first culture with flexible working arrangements.
- Small team, big impact — your work directly supports Astra’s ability to scale responsibly.
- Professional growth opportunities in compliance and risk management.
- Mission-driven — build infrastructure that powers financial innovation while meeting the highest regulatory standards.
**Apply:** https://hotfix.jobs/jobs/grc-program-manager-at-astra-5b121fcc-25d9-471c-a57f-273f2ea2942b
**Canonical:** https://hotfix.jobs/jobs/grc-program-manager-at-astra-5b121fcc-25d9-471c-a57f-273f2ea2942b