Top Benefits
Stock options
Health benefits from day 1 with medical stipend
One-time $500 home‑office setup
About the role
Who you are
- We’re looking for someone curious, organized, and eager to grow
- If you enjoy learning how technical systems work, translating risk into clear language, and building structured programs from the ground up - then this role is for you. Prior GRC experience is a plus, but not required; we’re happy to invest in the right candidate
- 1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome
- Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management)
- Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar
- Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you don’t need to be an expert, just curious
- Strong written communication and documentation skills
- Ability to assess technical risks and clearly communicate them to non-technical stakeholders
- Experience working cross-functionally with engineering and product teams
- Highly organized with strong attention to detail
- Comfort working in a fast-paced environment
- Academic background, personal interest, or real-world experience in fintech, financial services, or trading platforms
- Exposure to AI governance, model risk management, or responsible AI programs
- Familiarity with emerging AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act concepts, model governance practices)
- Experience with GCP or other major cloud platforms
- Experience supporting or observing SOC 2, ISO 27001, or regulatory audits
- Security certifications (e.g., Security+, SSCP) or early-stage GRC certifications
- Interest in pursuing advanced certifications (CISA, CRISC, CISSP, or AI governance certifications)
- Experience working remotely or in distributed teams
What the job involves
- As a Cyber & AI Risk Analyst, you will play a critical role in strengthening Alpaca’s security, compliance, and AI risk posture across the organization
- Working closely with the Cyber GRC Lead, you will support the identification, assessment, and documentation of cybersecurity and AI-related risks that impact our infrastructure, products, trading systems, and internal operations
- You will contribute to the design and execution of our risk management framework across traditional cyber domains (cloud security, infrastructure, application security, third-party risk, regulatory compliance) while also helping establish foundational governance controls for AI systems, models, and AI-enabled product features
- This role sits at the intersection of cybersecurity, emerging AI governance, regulatory expectations, and financial services risk management
- You’ll collaborate closely with Engineering, Product, Legal, Compliance, and IT teams to ensure Alpaca remains resilient, compliant, and forward-looking in how we manage both Cyber and AI risk
- Support the execution of Alpaca’s cybersecurity risk management program
- Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms
- Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse)
- Help develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act
- Perform third-party/vendor security and AI risk assessments
- Contribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards
- Track remediation efforts and maintain risk registers and reporting dashboards
- Support internal and external audits by preparing documentation and evidence
- Monitor regulatory developments related to cybersecurity, financial services, and AI governance
- Help mature policies, standards, and procedures for both cyber and AI domains
Benefits
- Stock Options
- Health benefits from day 1 (internationally, this includes a stipend value to offset medical costs)
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
- Work with awesome people, clients and partners from around the world
- Medical, Dental, Vision
- Supplemental health care
About Alpaca
Financial Services
201-500
Alpaca is a developer-first API brokerage platform that supports hundreds of businesses globally. Alpaca offers stock, options, ETF and crypto trading, real-time market data, and end-to-end brokerage infrastructure through modern APIs.
Alpaca has raised over $120m in funding and is backed by top investors in the industry globally, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Eldridge, Positive Sum, Elefund, and Y Combinator.
Similar jobs you might like
Top Benefits
Stock options
Health benefits from day 1 with medical stipend
One-time $500 home‑office setup
About the role
Who you are
- We’re looking for someone curious, organized, and eager to grow
- If you enjoy learning how technical systems work, translating risk into clear language, and building structured programs from the ground up - then this role is for you. Prior GRC experience is a plus, but not required; we’re happy to invest in the right candidate
- 1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome
- Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management)
- Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar
- Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you don’t need to be an expert, just curious
- Strong written communication and documentation skills
- Ability to assess technical risks and clearly communicate them to non-technical stakeholders
- Experience working cross-functionally with engineering and product teams
- Highly organized with strong attention to detail
- Comfort working in a fast-paced environment
- Academic background, personal interest, or real-world experience in fintech, financial services, or trading platforms
- Exposure to AI governance, model risk management, or responsible AI programs
- Familiarity with emerging AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act concepts, model governance practices)
- Experience with GCP or other major cloud platforms
- Experience supporting or observing SOC 2, ISO 27001, or regulatory audits
- Security certifications (e.g., Security+, SSCP) or early-stage GRC certifications
- Interest in pursuing advanced certifications (CISA, CRISC, CISSP, or AI governance certifications)
- Experience working remotely or in distributed teams
What the job involves
- As a Cyber & AI Risk Analyst, you will play a critical role in strengthening Alpaca’s security, compliance, and AI risk posture across the organization
- Working closely with the Cyber GRC Lead, you will support the identification, assessment, and documentation of cybersecurity and AI-related risks that impact our infrastructure, products, trading systems, and internal operations
- You will contribute to the design and execution of our risk management framework across traditional cyber domains (cloud security, infrastructure, application security, third-party risk, regulatory compliance) while also helping establish foundational governance controls for AI systems, models, and AI-enabled product features
- This role sits at the intersection of cybersecurity, emerging AI governance, regulatory expectations, and financial services risk management
- You’ll collaborate closely with Engineering, Product, Legal, Compliance, and IT teams to ensure Alpaca remains resilient, compliant, and forward-looking in how we manage both Cyber and AI risk
- Support the execution of Alpaca’s cybersecurity risk management program
- Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms
- Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse)
- Help develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act
- Perform third-party/vendor security and AI risk assessments
- Contribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards
- Track remediation efforts and maintain risk registers and reporting dashboards
- Support internal and external audits by preparing documentation and evidence
- Monitor regulatory developments related to cybersecurity, financial services, and AI governance
- Help mature policies, standards, and procedures for both cyber and AI domains
Benefits
- Stock Options
- Health benefits from day 1 (internationally, this includes a stipend value to offset medical costs)
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
- Work with awesome people, clients and partners from around the world
- Medical, Dental, Vision
- Supplemental health care
About Alpaca
Financial Services
201-500
Alpaca is a developer-first API brokerage platform that supports hundreds of businesses globally. Alpaca offers stock, options, ETF and crypto trading, real-time market data, and end-to-end brokerage infrastructure through modern APIs.
Alpaca has raised over $120m in funding and is backed by top investors in the industry globally, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Eldridge, Positive Sum, Elefund, and Y Combinator.