About the company
Who We Are: Alpaca is a US California headquartered brokerage infrastructure technology company and self-clearing broker-dealer, delivering execution and custody solutions for Stocks, ETFs, Options, Cryptocurrencies, and more, and has raised over $170 million in funding. Amongst our subsidiaries, Alpaca is a licensed financial services company in multiple countries, and we serve hundreds of financial institutions globally such as broker-dealers, investment advisors, hedge funds, and crypto exchanges as well as millions of individual customers all over the world. Alpacaās globally distributed team members bring in diverse experiences such as engineers, traders, and brokerage professionals to achieve our Mission of opening financial services to everyone on the planet. We are also deeply committed to open-source contributions and fostering a vibrant community. We will continue to enhance and improve our award-winning developer-friendly API and the brokerage infrastructure behind it.
Job Summary
Things You Get To Do:
šSupport the execution of Alpacaās cybersecurity risk management program šConduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms šAssist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse) šHelp develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act šPerform third-party/vendor security and AI risk assessments šContribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards šTrack remediation efforts and maintain risk registers and reporting dashboards šSupport internal and external audits by preparing documentation and evidence šMonitor regulatory developments related to cybersecurity, financial services, and AI governance šHelp mature policies, standards, and procedures for both cyber and AI domains
Who You Are (Must-Haves):
š1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field - internships, coursework, or equivalent experience is welcome šFoundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management) šFamiliarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar šUnderstanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.) - you donāt need to be an expert, just curious šStrong written communication and documentation skills šAbility to assess technical risks and clearly communicate them to non-technical stakeholders šExperience working cross-functionally with engineering and product teams šHighly organized with strong attention to detail šComfort working in a fast-paced environment
The future of finance is here ā whether youāre interested in blockchain, cryptocurrency, or remote web3 jobs, thereās a perfect role waiting for you.
