Governance, Risk, and Compliance  

About Astro

ASTRO is Indonesia's quick commerce company that delivers groceries and essentials to your door within 15 minutes. Founded in 2021 by a group of seasoned e-commerce executives and is backed trusted international investors, it is our mission to make people's lives simpler and easier by saving them time, energy, and money.

Just like real Astronauts that take off into outer space, Astro embodies the values of being fast, bold, adventurous, and technologically advanced.

Interested in working for a company that pushes the boundaries and strives to be the best? Join us now to be a part of this ground-breaking mission!

About this Position

We are looking for a Governance, Risk, and Compliance (GRC) professional who will play a key role in strengthening the organization’s risk management and compliance practices. In this role, you will lead risk assessments across business and technology functions, ensure compliance with security and regulatory frameworks such as ISO 27001 and SOC 2, and coordinate internal and external audits. You will work closely with cross-functional teams to embed effective controls into business processes while providing clear reporting and guidance to help the organization manage risk and maintain strong governance standards.

Job Description:

• Lead enterprise and technology risk assessments across business and operational functions.
• Develop and maintain policies, standards, procedures, and compliance documentation.
• Manage compliance readiness for frameworks such as SO 27001, SOC 2, and PDP laws.
• Coordinate internal and external audits, control reviews, and remediation tracking.
• Maintain risk registers, issue logs, exception records, and control matrices.
• Conduct vendor and third-party risk assessments for critical partners and service providers.
• Support business continuity and resilience governance activities.
• Provide regular reporting to management on risk exposure, control effectiveness, compliance status, and remediation progress.
• Work closely with Security, Engineering, Product, Legal, Operations, and Finance to embed controls into business processes.
• Deliver awareness sessions and practical guidance to improve risk ownership across the organization.

• Bachelor's degree in a relevant field.
• 4+ years of experience in GRC, IT audit, compliance, risk management, or information security governance.
• Experience in a technology company, especially in e-commerce, quickcommerce, fintech, or logistics is strongly preferred.
• Strong knowledge of risk management, internal controls, audits, and security/compliance frameworks.
• Familiarity with I SO 27001, SOC 2, NIST, and privacy-related compliance practices.
• Strong communication, reporting, and stakeholder management skills.
• Experience in fast-paced and high-growth environments is a strong advantage.