
GRC Analyst
Astra Finance
full-time
Posted on:
Location Type: Remote
Location: United States
Salary
💰 $95,000 - $135,000 per year
About the role
- Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
- Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business.
- Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
- Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
- Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
- Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
- Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
- Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows.
- Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.
Requirements
- 3–6+ years of experience in governance, risk, compliance, audit, or information security roles.
- Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
- Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.
- Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
- Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
- Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
- Ambition to build structure and systems from 0 to 1, and comfort creating frameworks, templates, and playbooks that scale.
- Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.
- Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience).
Benefits
- Competitive compensation with equity in a growing fintech company.
- Remote-first culture with flexible working arrangements.
- Small team, big impact: your work directly supports Astra's ability to scale responsibly.
- Professional growth opportunities in compliance and risk management.
- Mission-driven: build infrastructure that powers financial innovation while meeting the highest regulatory standards.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, risk assessments, control testing, evidence collection, audit cycles, cloud infrastructure
Soft Skills
collaboration, documentation, adaptability, problem-solving, communication, organizational skills, leadership, attention to detail, critical thinking, ambition