Internship Duration: 3 Months (Onsite)
Location: Onsite
Function: Governance, Risk & Compliance (GRC) / Assurance / Audit
Reports to: Audit Manager / Lead Auditor / GRC Program Lead
Role Summary
As a GRC Audit Intern, you will support audit teams in planning, evidence collection, testing, and reporting for management system and assurance engagements, including ISO/IEC 27001 (ISMS), ISO/IEC 42001 (AIMS), ISO/IEC 27701 (PIMS), SOC 2, and compliance assessments aligned to HIPAA, GDPR, and India’s DPDP Act. This is a hands-on, onsite internship designed to build practical skills in audit execution, controls testing, and compliance documentation.
Key Responsibilities
Audit Support & Execution
- Assist auditors during onsite audits: meeting notes, evidence walkthroughs, and coordination with client stakeholders.
- Support audit planning activities: scope understanding, sampling lists, and evidence requests.
- Perform controls testing support under supervision (design effectiveness and implementation checks) for security, privacy, and AI governance controls.
Evidence Collection & Documentation
- Collect and organize evidence (policies, SOPs, logs, tickets, screenshots, configurations, training records).
- Maintain evidence trackers and ensure proper naming, versioning, and traceability.
- Help map evidence to standard/framework requirements (clauses, controls, Trust Services Criteria, regulatory requirements).
Gap Assessment & Reporting
- Support identification of gaps, observations, opportunities for improvement (OFIs), and nonconformities, each with clear references to the relevant clause, control, or requirement.
- Draft sections of audit deliverables: checklists, working papers, meeting minutes, and summary notes.
- Assist with corrective action follow-ups: tracking corrective and preventive action (CAPA) status and closure evidence.
Tools & Coordination
- Update audit trackers, risk registers, Statement of Applicability (SoA)/controls mapping sheets, and project documentation repositories.
- Coordinate with internal teams for scheduling, logistics, and documentation completeness.
- Maintain confidentiality and follow internal information security policies at all times.
Standards / Framework Exposure (During Internship)
You may work across one or more of the following (based on project allocation):
- ISO/IEC 27001:2022 – Information Security Management Systems
- ISO/IEC 42001:2023 – AI Management Systems (AIMS)
- ISO/IEC 27701:2019 – Privacy Information Management Systems (PIMS)
- SOC 2 – Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy)
- HIPAA – Security/Privacy Rule alignment (as applicable)
- GDPR – Privacy compliance assessment support
- DPDP Act (India) – Data protection compliance support
Required Skills & Qualifications
- Currently pursuing or recently completed a degree in Information Security, Computer Science, IT, Risk/Compliance, Cybersecurity, Law/Policy (technology-focused), or a related field.
- Basic understanding of cybersecurity audit concepts and frameworks.
Preferred (Nice-to-Have)
- Familiarity with any of: ISO 27001 controls, SOC 2, GDPR, HIPAA, DPDP, risk assessment, privacy principles.
- Interest in AI governance/AI risk and model lifecycle basics (helpful for ISO 42001 projects).
Internship Outcomes / Learning
- Understanding how certification/assurance audits are conducted and how evidence is evaluated.
- Improved professional writing: working papers, checklists, summaries, and CAPA tracking.
- Exposure to multi-framework compliance expectations across security, privacy, and AI governance.
Professional Expectations
- Maintain strict confidentiality and follow security policies.
- Be punctual and dependable for onsite schedules and client meetings.
- Demonstrate attention to detail and a willingness to learn.
- Conduct yourself professionally with clients and internal teams.
Potential Full-Time Conversion (Post Internship)
Subject to performance, selected interns may be considered for conversion to a full-time position at the end of the 3-month internship.
Job Types: Fresher, Internship
Contract length: 3 months
Pay: ₹10,000.00 - ₹15,000.00 per month
Work Location: In person