Assist in reviewing, formatting, and updating information security policies, standards, and procedures.
Support the rollout of the company-wide Security Awareness Training program (e.g., helping design newsletters, tracking training completion, or setting up phishing simulations).
Help prepare slide decks and reports on security metrics for management.
Risk Management:
Shadow senior analysts during IT and cybersecurity risk assessments.
Assist in the Third-Party Risk Management (TPRM) process by reviewing basic vendor security questionnaires and organizing vendor documentation.
Help maintain the organization's Risk Register by logging new risks and tracking remediation tasks.
Compliance:
Assist the team in gathering and organizing evidence for upcoming audits (e.g., SOC 2, ISO 27001, HIPAA).
Help track and document the remediation of audit findings.
Organize and maintain a central repository of compliance documentation and certifications.
What You Will Learn:
Real-world application of industry-standard security frameworks (such as NIST, ISO 27001, or SOC 2).
How to translate complex IT and cybersecurity concepts into business risks.
Hands-on experience with GRC tools and platforms.
How to conduct third-party vendor risk assessments.
Qualifications:
Education: Currently enrolled in a Bachelor's or Master's degree program in Cybersecurity, Information Technology, Management Information Systems (MIS), Business, Law, or a related field. (Rising Juniors, Seniors, or Master's students preferred.)
Knowledge: A basic understanding of general IT concepts and foundational cybersecurity principles.