Risk Management Intern

Role Overview

This part-time on-site internship is based in Riyadh and offers practical exposure to governance, risk management, and compliance work within a semi-government environment. The position is designed for students who want to build a strong foundation in cybersecurity and enterprise risk practices while supporting day-to-day GRC activities.

Governance

• Contribute to the review, formatting, and upkeep of information security policies, standards, and procedures.
• Assist with the organization-wide security awareness program by helping draft newsletters, monitoring training completion, and supporting phishing simulation setup.
• Prepare presentation decks and management reports covering security metrics.

Risk Management

• Observe senior team members as they carry out IT and cybersecurity risk assessments.
• Support third-party risk management by reviewing basic vendor security questionnaires and arranging vendor-related records.
• Maintain the risk register by recording new risks and following up on remediation actions.

Compliance

• Help collect and organize supporting evidence for audits such as SOC 2, ISO 27001, and HIPAA.
• Track remediation progress for audit observations and findings.
• Keep a central, well-organized repository of compliance documents and certifications.

What You Will Learn

• How industry frameworks such as NIST, ISO 27001, and SOC 2 are applied in real business settings.
• Ways to convert technical IT and cybersecurity issues into business risk language.
• Practical experience with GRC tools and platforms.
• How third-party vendor risk reviews are performed.

Qualifications

• Applicants should be currently enrolled in a Bachelor’s or Master’s program in Cybersecurity, Information Technology, Management Information Systems, Business, Law, or a similar field.
• Rising juniors, seniors, and master’s students are preferred.
• A basic grasp of IT fundamentals and introductory cybersecurity concepts is expected.