
NVISO is a pure-play cyber security consulting firm: our team is composed of security professionals who each have their specific field of expertise, ranging from Information Security Governance, Risk & Compliance to Incident Response, Penetration Testing, CSIRT/SOC, Software Security, and Training & Awareness. This fantastic blend of skills enables us to help organizations prevent, detect, and respond to complex security challenges.
As a Cybersecurity Governance Intern, you will contribute to a strategic initiative aimed at standardizing and harmonizing the way NVISO performs cybersecurity gap assessments and reports results.
The goal of the internship is to build a structured inventory of gaps and remediation measures across key frameworks and regulations (ISO 27001/27002, CyberFundamentals, NIS2, DORA). This will help align our consulting approach, ensure consistent reporting quality, and facilitate automation in our internal tools.
Responsibilities:
Review existing gap assessment reports and identify variations in the way gaps and recommendations are expressed.
Study and compare key frameworks (ISO 27001/27002, CyberFundamentals, NIST CSF, NIS2, DORA) to define a unified taxonomy of controls and gaps.
Develop a “Gap & Measure Inventory” that maps, for each control:
Control objective
Typical gaps or non-conformities observed
Root causes and risk implications
Standard remediation measures
Examples of evidence or maturity indicators
Define a harmonized report structure to ensure consistency across all future gap assessments.
Propose an implementation model for integrating this library into NVISO tools.
Support the creation of a Methodology Guide documenting the process and standards for gap assessments.
Present final deliverables to senior consultants and managers for validation and integration into the GRC practice.
Output of Internship:
By the end of the internship, the student will have:
Disclaimer on the Use of AI Tools in the Application Process
Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI-powered tools is only permitted to a limited extent.
Our expectations:
Application documents must authentically reflect your own qualifications, personality, and motivation.
The use of AI for supportive purposes (e.g. spell-checking, improving wording) is acceptable.
Fully generated application documents created by AI without personal adaptation or review are not permitted.
Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.
We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.
The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.

NVISO is a cyber security services firm composed of outstanding security professionals - each has a specific field of expertise, ranging from security research and risk management to incident response and security testing. This unique "skill blend" allows them to analyse and respond to complex client challenges and help those companies prevent, detect and respond to security challenges with a positive business outcome.
Built on values of Pride, Caring for our people, Breaking Barriers, and fostering a no-BS approach, our mission is to be an innovative, trusted and respected security partner for our clients.