Information Security Intern
About The Position
The Information Security Intern will support OneRail’s Security, Risk, Privacy, and Compliance (SRPC) program by assisting with governance, documentation, audit readiness, and security operations support. This role exists to reduce operational friction across the security team by supporting core activities related to SOC 2, ISO 27001, and internal security processes. The ideal candidate is detail-oriented, organized, and interested in cybersecurity, risk, and compliance. This role is best suited for someone who wants real-world exposure to how security programs operate within a SaaS organization, with a focus on governance and business-aligned security practices. The intern will work closely with the IST team to support ongoing security initiatives while gaining hands-on experience in a structured, controlled environment.
Requirements
- Currently pursuing or recently completed a degree in Cybersecurity, Information Technology, Computer Science, or a related field
- Strong written and verbal communication skills
- Strong organizational skills and attention to detail
- Ability to handle sensitive information with professionalism and discretion
- Basic understanding of cybersecurity concepts (CIA triad, access control, risk, etc.)
- Ability to work independently and manage tasks with guidance
- Attention to detail and accuracy
- Strong documentation and writing ability
- Critical thinking and problem-solving
- Ability to follow structured processes and procedures
- Willingness to learn and adapt in a fast-paced environment
Nice To Haves
- Exposure to security frameworks such as SOC 2, ISO 27001, or NIST
- Familiarity with tools such as Microsoft Azure, Entra ID, or security platforms (SIEM, vulnerability management, etc.)
- Experience with documentation tools (e.g., Confluence, GitBook, Notion)
- Interest in Governance, Risk, and Compliance (GRC) or security operations
- Previous internship, coursework, or projects related to cybersecurity
Responsibilities
- Assist with SOC 2 and ISO 27001 evidence collection, organization, and tracking
- Support audit readiness efforts by identifying documentation gaps and following up with control owners
- Maintain and update security policies, standards, and runbooks to improve clarity and usability
- Help build and organize internal documentation and knowledge base content (e.g., procedures, workflows)
- Assist with vendor and third-party risk intake by gathering required information and preparing documentation
- Support risk register updates and tracking of identified risks and mitigation efforts
- Assist in documenting security incidents and building timelines for internal review (non-response role)
- Support vulnerability tracking and reporting activities (status tracking, not remediation)
- Participate in security awareness initiatives, including phishing simulations and training support
- Collaborate with team members across security, engineering, and operations to support security processes
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Career Level
Intern
Number of Employees
1-10 employees
