Astra

Private Company

Open Positions: 7

Remote - US Only | Full-Time | Fintech, Payments | Posted
  • Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
  • Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
  • Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
  • Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
  • Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
  • Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
  • Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
  • Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality.
  • Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.
Project Management