TL;DR

Cyber & AI Risk Analyst: Strengthening Alpaca’s security, compliance, and AI risk posture across the organization with an accent on identifying, assessing, and documenting cybersecurity and AI-related risks. Focus on designing and executing the risk management framework across traditional cyber domains and establishing foundational governance controls for AI systems.

Location: Remote - Americas

Salary: One-time USD $500 and Monthly Stipend: USD $150 per month

Company

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more.

What you will do

  • Support the execution of Alpaca’s cybersecurity risk management program.
  • Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms.
  • Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse).
  • Perform third-party/vendor security and AI risk assessments.
  • Track remediation efforts and maintain risk registers and reporting dashboards.
  • Help mature policies, standards, and procedures for both cyber and AI domains.

Requirements

  • 1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome.
  • Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management).
  • Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar.
  • Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you don’t need to be an expert, just curious.
  • Strong written communication and documentation skills.
  • Ability to assess technical risks and clearly communicate them to non-technical stakeholders.

Nice to have

  • Academic background, personal interest, or real-world experience in fintech, financial services, or trading platforms.
  • Exposure to AI governance, model risk management, or responsible AI programs.
  • Experience with GCP or other major cloud platforms.
  • Security certifications (e.g., Security+, SSCP) or early-stage GRC certifications.

Culture & Benefits

  • Competitive Salary & Stock Options
  • Health Benefits
  • New Hire Home-Office Setup: One-time USD $500
  • Monthly Stipend: USD $150 per month via a Brex Card