This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

As a Cyber & AI Risk Analyst, you will play a critical role in strengthening Alpaca’s security, compliance, and AI risk posture across the organization. Working closely with the Cyber GRC Lead, you will support the identification, assessment, and documentation of cybersecurity and AI-related risks that impact our infrastructure, products, trading systems, and internal operations.

• Support the execution of Alpaca’s cybersecurity risk management program
• Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms
• Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse)
• Help develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act
• Perform third-party/vendor security and AI risk assessments
• Contribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards
• Track remediation efforts and maintain risk registers and reporting dashboards
• Support internal and external audits by preparing documentation and evidence
• Monitor regulatory developments related to cybersecurity, financial services, and AI governance
• Help mature policies, standards, and procedures for both cyber and AI domains

Qualifications

• 1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome
• Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management)
• Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar
• Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you don’t need to be an expert, just curious
• Strong written communication and documentation skills
• Ability to assess technical risks and clearly communicate them to non-technical stakeholders
• Experience working cross-functionally with engineering and product teams
• Highly organized with strong attention to detail
• Comfort working in a fast-paced environment

Requirements

• Academic background, personal interest, or real-world experience in fintech, financial services, or trading platforms
• Exposure to AI governance, model risk management, or responsible AI programs
• Familiarity with emerging AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act concepts, model governance practices)
• Experience with GCP or other major cloud platforms
• Experience supporting or observing SOC 2, ISO 27001, or regulatory audits
• Security certifications (e.g., Security+, SSCP) or early-stage GRC certifications
• Interest in pursuing advanced certifications (CISA, CRISC, CISSP, or AI governance certifications)
• Experience working remotely or in distributed teams

Benefits

• Competitive Salary & Stock Options
• Health Benefits
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card