
Discover Dollar Inc

Information Security Analyst - Intern

  • Posted 16 hours ago

Job Description

Role Overview

The Information Security Analyst Intern will support the organization's Information Security, AI Governance, and IT Risk Management programs by assisting in the implementation, monitoring, and continuous improvement of security controls across technology, people, and processes.

This role provides exposure to cybersecurity governance, compliance, security operations, and AI risk management frameworks, including ISO/IEC 27001:2022, SOC 2 Type II, ISO/IEC 42001, NIST Cybersecurity Framework (CSF) 2.0, GDPR, and DPDP.

The intern will collaborate with Technology, Engineering, Compliance, Risk Management, and Business teams to support security initiatives, perform risk analysis, assist with audits, monitor security posture, and contribute to both technical security operations and governance activities.

This role is ideal for candidates seeking hands-on experience in Cybersecurity Governance, Risk & Compliance (GRC), Security Operations (SecOps), and emerging AI governance practices.

Key Responsibilities

Security Governance & Risk Management

    • Assist in analysing and implementing security and privacy requirements aligned with business and technology initiatives.
    • Support the implementation and maintenance of the organization's Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022.
    • Assist in maintaining and monitoring SOC 2 Type II control environments, including evidence collection, control validation, and compliance tracking.
    • Contribute to the implementation and governance of ISO/IEC 42001 (Artificial Intelligence Management System, AIMS) by assisting with AI risk management processes, AI system documentation, and responsible AI governance practices.
    • Support the implementation of cybersecurity capabilities aligned with the NIST Cybersecurity Framework (CSF) 2.0, including activities across the core functions: Govern, Identify, Protect, Detect, Respond, and Recover.
    • Assist in performing IT risk assessments, documenting risks in the risk register, and tracking remediation actions.
    • Identify potential security control gaps, operational risks, and process weaknesses, and support remediation planning.
    • Assist in evaluating segregation of duties (SoD) across systems, applications, and operational processes.

Compliance & Policy Management

    • Assist in the development, review, and maintenance of information security policies, standards, and procedures.
    • Support alignment of internal policies with industry frameworks including:
        • ISO/IEC 27001
        • SOC 2 Trust Services Criteria
        • ISO/IEC 42001 AI Governance
        • NIST Cybersecurity Framework (CSF) 2.0
    • Assist in monitoring adherence to security policies and regulatory obligations across departments.
    • Support internal compliance assessments and help ensure policy documentation reflects the current technology and risk landscape.

Vendor & Third-Party Risk Management

    • Assist in managing the IT Vendor Risk Management program.
    • Support vendor security due diligence by reviewing security questionnaires, certifications, and supporting evidence.
    • Assist in evaluating vendor security posture based on frameworks such as SOC 2, ISO 27001, and NIST CSF.
    • Help track remediation actions and reassessment schedules for high-risk vendors and critical third-party service providers.
    • Maintain and update the vendor risk inventory and vendor risk ratings.

Security Operations Support (SecOps / DevSecOps)

    • Assist in operational security activities including:
        • Vulnerability management
        • Patch management tracking
        • Security monitoring
        • Incident response documentation
        • Cloud security
        • External cybersecurity posture
    • Assist in coordinating application and infrastructure vulnerability assessments and penetration testing (VAPT).
    • Support DevSecOps security reviews within development pipelines to ensure security requirements are integrated during application development.
    • Assist in monitoring and triaging security alerts from security monitoring platforms and escalate issues where necessary.
    • Support documentation of security incidents and lessons learned to improve incident response capabilities aligned with NIST CSF Detect and Respond functions.

Business Continuity & Disaster Recovery

    • Assist in maintaining Business Continuity Plans (BCP) and Disaster Recovery (DR) procedures.
    • Support the planning and coordination of DR drills and resilience testing exercises.
    • Assist in documenting recovery results and ensuring alignment with defined RTO and RPO objectives.
    • Help ensure that recovery capabilities align with the NIST CSF Recover function and ISO 27001 resilience controls.

Audit & Assurance Support

    • Assist in coordinating internal and external audits, including ISO, SOC 2, and framework-based assessments.
    • Support audit preparation activities such as:
        • Evidence gathering
        • Control documentation
        • Process walkthrough preparation
    • Assist in tracking audit findings, corrective actions, and remediation timelines.

Security Awareness & Culture

    • Assist in organizing and running security awareness and training programs across the organization.
    • Support phishing simulations and security awareness campaigns.
    • Help track participation metrics and effectiveness of awareness programs.
    • Contribute to building a security-first culture across employees and business units.

Stakeholder Communication & Reporting

    • Communicate security requirements and risk implications clearly to technical and non-technical stakeholders.
    • Assist in preparing security dashboards, governance reports, and executive presentations.
    • Participate in security governance and risk review meetings and document key outcomes and action items.

Qualifications

Education

Bachelor's or Master's degree in:

    • Information Security
    • Cybersecurity
    • Computer Science
    • Information Systems
    • or a related technical discipline

Experience

    • 0-1 years of experience in cybersecurity, IT risk management, or compliance.
    • Academic projects, cybersecurity labs, or internships related to security are considered relevant experience.

Technical Knowledge (Preferred)

Basic understanding of:

    • Cybersecurity principles and best practices
    • Risk management methodologies
    • Security frameworks such as:
        • ISO 27001
        • NIST Cybersecurity Framework (CSF) 2.0
        • SOC 2
        • ISO 42001 AI Governance
    • Identity and Access Management concepts
    • Vulnerability management and patching processes
    • Networking and system security fundamentals
    • Cloud security basics (AWS, Azure, or GCP)

Certifications (Optional but Advantageous)

Candidates pursuing or interested in certifications such as:

    • Security+
    • ISO 27001 Foundation / Lead Implementer
    • Certified in Cybersecurity (ISC2 CC)
    • NIST Cybersecurity Framework training
    • AI governance or responsible AI certifications

Personal Attributes

    • Strong analytical and problem-solving mindset.
    • Ability to work effectively in a complex and rapidly evolving technology environment.
    • Self-motivated with a strong desire to learn cybersecurity technologies, frameworks, and governance practices.
    • Ability to manage multiple tasks and priorities simultaneously.
    • Strong written and verbal communication skills.
    • Excellent documentation and organizational abilities.
    • Team-oriented mindset with the ability to work independently when required.

What The Intern Will Gain

    • Hands-on experience with enterprise cybersecurity governance and compliance programs.
    • Exposure to global security frameworks including ISO 27001, NIST CSF, SOC 2, and ISO 42001.
    • Practical understanding of security operations and risk management practices.
    • Experience working in a cross-functional security environment involving technology, compliance, and business teams.
    • A strong foundation for building a career in Cybersecurity, GRC, Security Engineering, or Security Operations.

Job ID: 144214697