GRC Analyst

What You’ll Do:

• Audit Execution & Readiness: Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles.
• Control Design & Documentation: Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
• Cross-Framework Mapping: Map controls across SOC, ISO, PCI, and NIST frameworks.

What We’re Looking For:

• 3–6+ years of experience in governance, risk, compliance, audit, or information security rolls.
• Hands-on experience supporting or leading SOC 1 and/or SOC 2 audits; experience with PCI DSS and ISO 27001 is strongly preferred.
• Strong working knowledge of compliance frameworks (SOC, ISO 27001, NIST CSF, PCI DSS) and how controls operate in practice.

Why This Role Matters:

• Enable Astra to scale responsibly while maintaining strong audit outcomes and regulatory credibility.
• Reduce friction for engineering and product teams by building clear, pragmatic compliance processes.
• Improve operational maturity through automation, documentation quality, and continuous improvement.