GRC Program Manager

GRC Program Manager

About Astra

Astra is building mission-critical infrastructure for moving money at scale. Our platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems. We provide APIs and automation tools that enable businesses to move money programmatically while maintaining strict regulatory requirements.

The Role

As Astra’s first dedicated GRC Program Manager, you will be at the center of how we build trust, scale responsibly, and operate with regulatory excellence. This is more than a traditional compliance role – it’s an opportunity to design the governance, risk, and compliance foundation that enables Astra to grow quickly while meeting the expectations of banks, enterprise customers, auditors, and regulators. You’ll own the full spectrum of Astra's audit execution: driving SOC 1, SOC 2, PCI DSS, and ISO 27001 programs end-to-end, translating regulatory requirements into practical technical controls, building high-quality documentation and evidence, and helping teams embed security and compliance into everyday operations. You’ll partner closely with engineering and infrastructure teams to ensure controls are real, automated where possible, and aligned with how the platform actually runs. Because this is an early hire on the compliance team, you’ll have direct input into how Astra structures its audit programs, risk management processes, vendor due diligence workflows, and compliance tooling. You’ll collaborate with leaders across engineering, product, operations, and leadership to build scalable systems that reduce friction while increasing assurance and visibility. This role is perfect for someone who enjoys rolling up their sleeves to execute today while also designing durable systems for tomorrow – someone who sees compliance not as a checkbox exercise, but as a strategic advantage for building trusted financial infrastructure.

What You’ll Do

• Audit Execution & Readiness: Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
• Control Design & Documentation: Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
• Cross-Framework Mapping: Map controls across SOC, ISO, PCI, and NIST frameworks