Security GRC Analyst

Alpaca
Summary
Join Alpaca, a leading brokerage infrastructure technology company, as a Security Governance, Risk, and Compliance (GRC) Analyst. You will play a critical role in safeguarding Alpaca’s systems, data, and client assets. This position involves assessing risks, monitoring compliance, and collaborating with stakeholders to ensure adherence to security policies and regulations. The role requires a deep understanding of cybersecurity principles and risk management, with experience in managing security risks and cross-functional collaboration. The Security Team is 100% distributed and remote, reporting directly to the CISO. Alpaca offers competitive compensation and benefits, including health benefits starting on day one, a new hire home-office setup stipend, and a monthly stipend.
Requirements
- Be excited about Alpaca’s mission and what we’re building
- Have at least 3 years of experience in the development and execution of risk management and compliance functions
- Possess strong knowledge of diverse information security and compliance standards, encompassing SOC 2, ISO 27001, CSA, NIST, GDPR, CCPA, FINRA, and SEC cybersecurity guidelines
- Have experience with managing risk assessments, gap analysis, and risk treatment planning
- Possess strong familiarity with Cloud Service Providers
- Have experience with audit preparation, response, and corrective action plan development
- Possess excellent communication and interpersonal skills, allowing for effective stakeholder engagement, issue advocacy, and strategic alignment to ensure Security concerns are prioritized in a manner that minimizes business risk
- Be available for on-call rotations and after-hours responses as needed
Responsibilities
- Assist the CISO with developing and maintaining a comprehensive Security program including policies and procedures to ensure compliance with relevant regulations and standards
- Ensure compliance with SOC 2 Type 2, ISO 27001, CSA Star, GDPR, and external regulatory requirements
- Conduct regular risk assessments, gap analysis, and develop risk treatment plans
- Apply statistical models to risk frameworks, translating risk into quantifiable metrics (such as FAIR)
- Collaborate with the CISO to provide strategic guidance on Security matters and respond to emerging risks
- Manage and maintain an up-to-date security control framework
- Facilitate periodic user access reviews
- Manage and coordinate internal and external audits, including preparation of audit responses and corrective action plans
- Collaborate with other departments to mitigate security risks and collect evidence as necessary
- Manage Alpaca’s supply chain security risks by performing regular assessments of our third parties
- Provide training and awareness to employees on cybersecurity policies and compliance requirements
- Assist the Security team with triaging of security events
Preferred Qualifications
- Have a Bachelor’s degree in Information Technology or a related field
- Have Security-related certifications such as CISSP, CRISC, GIAC
- Possess an understanding of financial and privacy regulations
- Have experience in the financial services industry
- Have experience working at startups
- Possess business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints
Benefits
- Competitive Salary & Stock Options
- Health benefits start on day 1. In the US this includes Medical, Dental, Vision. In Canada, this includes supplemental health care. In Japan, you are offered local benefits. Internationally, this includes a stipend value to offset medical costs
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
- Work with awesome, hard-working people, super smart and cool clients, and innovative partners from around the world