GRC Program Manager

AstraFintech, Payments

Remote - US OnlyFull-TimeManager

Salary not disclosed

Apply NowOpens the employer's application page

Job Details

3–6+ years of experience in governance, risk, compliance, audit, or information security rolls.
Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits.
Experience with PCI DSS and ISO 27001.
Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS).
Experience working cross-functionally with engineering, product, and operations teams in a technical environment.
Proven ability to build and maintain high-quality documentation, evidence, and audit artifacts.
Comfort operating in fast-moving environments where priorities evolve and ambiguity is common.
Ambition to structure and systems 0 to 1, and comfort in creating frameworks, templates, and playbooks that scale.
Experience collaborating with Product, Sales, and Engineering teams to align on priorities and drive outcomes.
Bachelor’s degree in Information Systems, Computer Science, Business, Risk Management, or related field (or equivalent practical experience).
Working understanding of cloud infrastructure, identity and access management, logging, monitoring, SDLC, and security tooling.
Ability to manage multiple parallel audits, initiatives, and stakeholders while maintaining quality and deadlines.

Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking.
Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements.
Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk.
Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response.
Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners.
Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships.
Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality.
Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

View Full Description & ApplyYou'll be redirected to the employer's site