Support the execution of Alpaca’s cybersecurity risk management program
Conduct cyber risk assessments across cloud infrastructure, APIs, trading systems, and internal platforms
Assist in identifying, documenting, and evaluating AI-related risks (model risk, data privacy, bias, explainability, adversarial threats, model misuse)
Help develop and maintain AI governance controls aligned with evolving regulatory expectations, such as the EU AI Act
Perform third-party/vendor security and AI risk assessments
Contribute to control testing across frameworks such as SOC 2, ISO 27001, CSA Star, NIST CSF, and emerging AI governance standards
Track remediation efforts and maintain risk registers and reporting dashboards
Support internal and external audits by preparing documentation and evidence
Monitor regulatory developments related to cybersecurity, financial services, and AI governance
Help mature policies, standards, and procedures for both cyber and AI domains.

1+ years of experience in cybersecurity, risk management, IT audit, GRC, or a related field
internships, coursework, or equivalent experience is welcome
Foundational understanding of cybersecurity principles (network security, cloud security, IAM, application security, vulnerability management)
Familiarity with common frameworks such as NIST CSF, ISO 27001, SOC 2, or similar
Understanding of AI/ML concepts and associated risks (data governance, model bias, hallucinations, prompt injection, model misuse, etc.)
you don’t need to be an expert, just curious
Strong written communication and documentation skills
Ability to assess technical risks and clearly communicate them to non-technical stakeholders
Experience working cross-functionally with engineering and product teams
Highly organized with strong attention to detail
Comfort working in a fast-paced environment.

Cyber, AI Risk Analyst

Key skills