Security GRC Analyst

Who We Are:

Alpaca is a US California headquartered brokerage infrastructure technology company and self-clearing broker-dealer, delivering execution and custody solutions for Stocks, ETFs, Options, Cryptocurrencies, and more, and has raised over $170 million in funding. Amongst our subsidiaries, Alpaca is a licensed financial services company in multiple countries, and we serve hundreds of financial institutions globally such as broker-dealers, investment advisors, hedge funds, and crypto exchanges.

Alpaca's globally distributed team members bring in diverse experiences such as engineers, traders, and brokerage professionals to achieve our Mission of opening financial services to everyone on the planet. We are also deeply committed to open-source contributions and fostering a vibrant community. We will continue to enhance and improve our award-winning developer-friendly API and the infrastructure behind it.

Our Team Members:

We're a team of 150+ globally distributed members who love working from our favorite places worldwide. Our team spans the USA, Canada, Japan, Hungary, Nigeria, Brazil, the United Kingdom, and more!

We're looking for candidates eager to join Alpaca's growing organization, who are excited about our Mission of "Open financial services to everyone on the planet and share our Values of "Stay Curious," "Have Empathy," and "Be Accountable."

Your Role:

We are seeking an experienced Security Governance, Risk, and Compliance (GRC) Analyst who can help expand our Security efforts and play a critical role in safeguarding Alpaca's systems, data, and client assets from evolving risks and threats to ensure the security and integrity of our Firm. This role involves assessing risks, monitoring compliance, and collaborating with internal and external stakeholders to ensure adherence with our security policies, regulations, and best practices.

The role requires a deep understanding of Cybersecurity principles, risk management, compliance and standard frameworks with a proven track record of managing security risks and cross functional collaboration. The Security Team is 100% distributed and remote.

This role will be reporting directly to the CISO.

Things You Get To Do:

• Assist the CISO with developing and maintaining a comprehensive Security program including policies and procedures to ensure compliance with relevant regulations and standards
• Ensure compliance with SOC 2 Type 2, ISO 27001, CSA Star, GDPR, and external regulatory requirements
• Conduct regular risk assessments, gap analysis, and develop risk treatment plans
• Apply statistical models to risk frameworks, translating risk into quantifiable metrics (such as FAIR)
• Collaborate with the CISO to provide strategic guidance on Security matters and respond to emerging risks
• Manage and maintain an up to date security control framework
• Facilitate periodic user access reviews
• Manage and coordinate internal and external audits, including preparation of audit responses and corrective action plans
• Collaborate with other departments to mitigate security risks and collect evidence as necessary
• Manage Alpaca's supply chain security risks by performing regular assessments of our third parties
• Provide training and awareness to employees on cybersecurity policies and compliance requirements
• Assist the Security team with triaging of security events
  
  

Who You Are (Must-Haves):

• Excited about Alpaca's mission and what we're building
• At least 3 years of experience in the development and execution of risk management and compliance functions
• Strong knowledge of diverse information security and compliance standards, encompassing SOC 2, ISO 27001, CSA, NIST, GDPR, CCPA, FINRA, and SEC cybersecurity guidelines
• Experience with managing risk assessments, gap analysis, and risk treatment planning
• Strong familiarity with Cloud Service Providers
• Experience with audit preparation, response, and corrective action plan development
• Excellent communication and interpersonal skills, allowing for effective stakeholder engagement, issue advocacy, and strategic alignment to ensure Security concerns are prioritized in a manner that minimizes business risk
• Available for on-call rotations and after hour responses as needed
  
  

Who You Might Be (Nice-to-Haves):

• Bachelor's degree in Information Technology or a related field
• Security related certifications such as CISSP, CRISC, GIAC is a plus
• Understanding of financial and privacy regulations
• Experience in the financial services industry
• Experience working at startups
• Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints
  
  

How We Take Care of You:

• Competitive Salary & Stock Options
• Benefits: Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs.
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card
• Work with awesome hard working people, super smart and cool clients and innovative partners from around the world
  
  

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Recruitment Privacy Policy