Governance, Risk & Compliance (GRC) Intern
About The Position
TransMedics is transforming organ transplantation through the Organ Care System (OCS), operating within a highly regulated healthcare and technology environment. Our Governance, Risk & Compliance (GRC) function ensures that enterprise systems, data, and processes align with cybersecurity standards, regulatory requirements, and global best practices. The Governance, Risk & Compliance (GRC) Intern will support enterprise-wide compliance, cybersecurity governance, and risk management initiatives. This role provides hands-on exposure to policy management, regulatory frameworks, audit preparation, third-party risk management, and security metrics reporting. This internship is ideal for students interested in cybersecurity, compliance, risk management, audit, information governance, or regulatory strategy.
Requirements
- College Junior
- Strong written and verbal communication skills
- Strong attention to detail and organizational skills
- Analytical and critical thinking ability
- Basic understanding of cybersecurity concepts
- Proficiency in Microsoft Excel, Word, and PowerPoint
- Ability to organize and track data accurately
- High integrity and discretion when handling sensitive information
- Ability to work independently and collaboratively
Nice To Haves
- Familiarity with compliance frameworks such as NIST, HIPAA, or GDPR
- Coursework or interest in cybersecurity, risk management, audit, or regulatory compliance
- Research and documentation experience
- Interest in governance, information security, or regulatory strategy
- Eligible Majors Information Security / Cybersecurity
- Information Assurance
- Computer Science
- Information Systems / MIS
- Information Technology
- Cyber Operations / Digital Forensics
- Data Analytics
- Business Administration (Information Systems or Risk focus)
- Finance (Risk or Compliance focus)
- Accounting (Audit focus)
- Healthcare Administration / Health Information Management
- Public Policy (Technology Regulation focus)
- Legal Studies / Pre-Law (Technology Law interest)
- Criminal Justice (Cybersecurity focus)
Responsibilities
- Policy & Documentation Management Assist with policy and procedure reviews and updates
- Maintain version control and documentation repositories
- Map policies and internal controls to frameworks such as NIST 800-171, HIPAA, and GDPR
- Support data inventory and data flow documentation efforts
- Risk & Compliance Tracking Update and maintain the enterprise risk register
- Track remediation actions and follow up with control owners
- Track control testing status and compliance metrics
- Assist with access review documentation and tracking
- Maintain system and asset inventory records
- Third-Party & Audit Support Support third-party risk assessments and vendor questionnaire tracking
- Review and organize SOC reports and vendor security documentation
- Collect and organize audit evidence for internal and external audits
- Reporting & Metrics Assist with security awareness tracking and phishing metrics reporting
- Prepare basic compliance dashboards and executive reporting summaries
- Research regulatory updates and emerging compliance requirements
- Help improve GRC process documentation and workflow efficiency
Benefits
- Medical with Health Reimbursement Account through Blue Cross/Blue Shield of MA
- Dental
- Vision
- Healthcare Flexible Spending Account
- Dependent Care Flexible Spending Account
- Short Term Disability
- Long Term Disability
- 401K Plan
- Pet insurance
- Employee Stock Purchase Plan
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Career Level
Intern
Education Level
No Education Listed
