Astra · 1 day ago
GRC Analyst
Astra is building mission-critical infrastructure for moving money at scale. As Astra’s first dedicated GRC Analyst, you will design the governance, risk, and compliance foundation that enables Astra to grow quickly while ensuring regulatory excellence.
Financial Services · FinTech · Personal Finance · Software
Responsibilities
Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking
Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business
Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements
Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk
Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response
Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners
Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships
Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows
Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership
Qualifications
Required
3–6+ years of experience in governance, risk, compliance, audit, or information security roles
Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred
Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice
Experience working cross-functionally with engineering, product, and operations teams in a technical environment
Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts
Comfort operating in fast-moving environments where priorities evolve and ambiguity is common
Ambition to build structure and systems from 0 to 1, and comfort in creating frameworks, templates, and playbooks that scale
Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes
Bachelor's degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience)
Audit Operations: Scoping, walkthroughs, evidence management, remediation tracking, auditor coordination
Control Design: Ability to translate regulatory requirements into clear, testable, and scalable controls
Risk Assessment: Experience performing system, vendor, and operational risk assessments with structured methodologies
Technical Fluency: Working understanding of cloud infrastructure, identity and access management, logging, monitoring, SDLC, and security tooling
Documentation & Writing: Strong ability to produce clear policies, procedures, narratives, and evidence artifacts
Project Management: Ability to manage multiple parallel audits, initiatives, and stakeholders while maintaining quality and deadlines
Communication: Ability to explain complex compliance concepts clearly to engineers, auditors, leadership, and external partners
Operational Rigor: Highly organized with strong attention to detail and follow-through
Preferred
Experience operating in regulated environments involving payments, banking partners, PCI, or financial audits
Experience supporting certification or operating within an ISO-aligned ISMS
Experience implementing compliance tooling, evidence automation, or GRC platforms
Hands-on ownership of third-party risk management workflows
Experience building or scaling compliance programs in high-growth companies
Sample documentation (control narrative, audit artifact, or process design) demonstrating clarity and rigor
Benefits
Competitive compensation with equity in a growing fintech company
Remote-first culture with flexible working arrangements
Professional growth opportunities in compliance and risk management
Mission-driven — build infrastructure that powers financial innovation while meeting the highest regulatory standards
Company
Astra
Astra is the platform for moving money instantly and securely
Funding
Current Stage: Early Stage
Total Funding: $44.9M
Key Investors: Alumni Ventures, FPV Ventures, Slow Ventures
2024-05-29 · Series A
2022-10-13 · Series A · $10M
2022-10-13 · Debt Financing · $30M
Company data provided by Crunchbase