Security Analyst Intern

About The Position

Requirements

• Currently pursuing a Bachelor’s or Master’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field.
• Interest in (or coursework related to) third-party risk management, security governance, or compliance.
• Strong organizational skills and attention to detail; able to manage multiple tasks and follow documented processes.
• Clear written and verbal communication skills; comfortable collaborating with internal teams and following up with vendors professionally.
• Proficiency with Microsoft Office (especially Excel) or Google Workspace; able to learn new tools quickly.
• Able to work effectively in a fully remote environment, including participating in virtual meetings and communicating status clearly.
• Must have reliable home office internet access.

Nice To Haves

• Familiarity with common security and privacy frameworks/attestations (e.g., SOC 2, ISO 27001, NIST CSF) is a plus; willingness to learn is required.
• Experience with or interest in creating training content, communications, or internal documentation (e.g., writing, editing, basic design).
• Comfort working with basic metrics and reporting (e.g., pivot tables/charts) and/or familiarity with learning management systems or security awareness platforms is a nice to have.

Responsibilities

• Assist with vendor risk assessments by collecting due diligence artifacts (e.g., SOC reports, security questionnaires, policies) and tracking status.
• Review questionnaire responses and evidence for completeness; summarize observations and follow up with vendors and internal stakeholders for clarifications.
• Help document vendor risks, compensating controls, and remediation items in the company’s third-party risk management (TPRM) system; maintain clean, audit-ready records.
• Support security awareness training planning: build and maintain the training calendar, coordinate campaign logistics, and assist with rollout communications.
• Assist with awareness platform setup (as applicable): user/group uploads, assignment rules, testing workflows, and QA of training modules and phishing simulations.
• Track participation, completion, and simulation results; help produce simple metrics dashboards and end-of-campaign summaries.
• Draft and update program documentation, job aids, FAQs, and internal wiki pages related to vendor assessments and security awareness.
• Provide general support for GRC and security program activities as needed (e.g., meeting notes, light research, process improvement tasks).

Benefits

• Reimbursement to help cover the cost of setting up your home or remote office.