Cyber & AI Risk Analyst

Job Description

Who We Are:

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, ²⁴⁄₅ trading, and more. Our recent Series D funding round brought our total investment to over $320 million, fueling our ambitious vision.

Amongst our subsidiaries, Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs. This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts.

Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of opening financial services to everyone on the planet. We’re deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it.

Alpaca is proudly backed by top-tier global investors, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Derayah Financial, Elefund, and Y Combinator.

Our Team Members:

We’re a dynamic team of 230+ globally distributed members who thrive working from our favorite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond!

We’re searching for passionate individuals eager to contribute to Alpaca’s rapid growth. If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply.

Your Role:

As a Cyber & AI Risk Analyst, you will play a critical role in strengthening Alpaca’s security, compliance, and AI risk posture across the organization. Working closely with the Cyber GRC Lead, you will support the identification, assessment, and documentation of cybersecurity and AI-related risks that impact our infrastructure, products, trading systems, and internal operations.

You will contribute to the design and execution of our risk management framework across traditional cyber domains (cloud security, infrastructure, application security, third-party risk, regulatory compliance) while also helping establish foundational governance controls for AI systems, models, and AI-enabled product features.

This role sits at the intersection of cybersecurity, emerging AI governance, regulatory expectations, and financial services risk management. You’ll collaborate closely with Engineering, Product, Legal, Compliance, and IT teams to ensure Alpaca remains resilient, compliant, and forward-looking in how we manage both Cyber and AI risk.

We’re looking for someone curious, organized, and eager to grow. If you enjoy learning how technical systems work, translating risk into clear language, and building structured programs from the ground up - then this role is for you. Prior GRC experience is a plus, but not required; we’re happy to invest in the right candidate.

Things You Get To Do:

• Support the execution of Alpaca’s cybersecurity risk management program
• Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms
• Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse)
• Help develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act
• Perform third-party/vendor security and AI risk assessments
• Contribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards
• Track remediation efforts and maintain risk registers and reporting dashboards
• Support internal and external audits by preparing documentation and evidence
• Monitor regulatory developments related to cybersecurity, financial services, and AI governance
• Help mature policies, standards, and procedures for both cyber and AI domains

Who You Are (Must-Haves):

• 1+  years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome
• Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management)
• Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar
• Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you don’t need to be an expert, just curious
• Strong written communication and documentation skills
• Ability to assess technical risks and clearly communicate them to non-technical stakeholders
• Experience working cross-functionally with engineering and product teams
• Highly organized with strong attention to detail
• Comfort working in a fast-paced environment

Who You Might Be (Nice-to-Haves):

• Academic background, personal interest, or real-world experience in fintech, financial services, or trading platforms
• Exposure to AI governance, model risk management, or responsible AI programs
• Familiarity with emerging AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act concepts, model governance practices)
• Experience with GCP or other major cloud platforms
• Experience supporting or observing SOC 2, ISO 27001, or regulatory audits
• Security certifications (e.g., Security+, SSCP) or early-stage GRC certifications
• Interest in pursuing advanced certifications (CISA, CRISC, CISSP, or AI governance certifications)
• Experience working remotely or in distributed teams

How We Take Care of You:

• Competitive Salary & Stock Options
• Health Benefits
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Recruitment Privacy Policy