Information Security & Compliance Internship

O.C. Tanner is the global leader in software and services that improve workplace culture through meaningful employee experiences. Our Culture Cloud is a suite of apps designed to enhance the employee experience with strategic recognition, service awards, wellbeing, leadership, and events that help people thrive at work. Our Culture by Design approach provides expert services to organizations looking to create great workplaces.

Our global team of 1,500 people hail from 58 countries and speak 62 languages. As programmers, researchers, designers, client professionals and craftspeople we create the tech, tools and awards that connect employees to purpose at thousands of companies. Join us as we help people all over the world thrive at work.

We are seeking a motivated Information Security & Compliance Intern to support our Information Security and Compliance teams. This role provides hands-on exposure to security governance, risk management, compliance operations, and security awareness, while working alongside experienced security engineers and compliance professionals.

The intern will assist with SOC 2 compliance activities, policy documentation, risk assessments, vendor security reviews, and security awareness initiatives, gaining practical experience in how security and compliance function in a modern enterprise environment.

This role is ideal for students pursuing a degree in Cybersecurity, Information Systems, Computer Science, or a related field who are interested in building a career in information security or compliance.

Key Responsibilities

· Assist with security and compliance documentation, including policies, standards, procedures, and evidence tracking

· Support SOC 2 and other compliance activities, including evidence collection and control validation

· Help maintain risk registers, audit trackers, and compliance artifacts

· Participate in vendor security assessments and third‑party risk reviews

· Assist with security awareness and phishing training programs

· Review and document access reviews, user account controls, and least‑privilege practices

· Help analyze security findings, gaps, and remediation status

· Contribute to runbooks, playbooks, and internal knowledge base documentation

· Collaborate with InfoSec, Compliance, IT, and Engineering teams on security initiatives

· Perform research on security frameworks, regulatory requirements, and emerging risks

Learning Opportunities

As an intern, you will gain exposure to:

· SOC 2 Type II controls and audit processes

· Information security governance and compliance operations

· Security risk management and documentation best practices

· Security awareness training and phishing simulations

· Vendor risk management and security questionnaires

· Real-world InfoSec tooling, workflows, and cross‑team collaboration

Required Qualifications

· Strong interest in information security, compliance, or risk management

· Basic understanding of security principles (CIA triad, least privilege, access controls)

· Strong written and verbal communication skills

· Detail‑oriented with good organizational skills

· Ability to handle sensitive information with professionalism and discretion

· Comfortable working independently and in a team environment

Preferred Qualifications

· Coursework or familiarity with security frameworks (SOC 2, NIST, ISO 27001)

· Interest in governance, risk, and compliance (GRC) roles

· Experience with documentation tools (Confluence, SharePoint, Google Docs, etc.)

· Exposure to security awareness tools or phishing concepts

· Basic knowledge of cloud platforms (AWS, Azure) or identity systems

What We Offer

· Hands-on, real‑world InfoSec and Compliance experience

· Mentorship from experienced security and compliance professionals

· Exposure to enterprise security tools and audit processes

· Flexible schedule to support academic commitments

· A strong foundation for a future career in cybersecurity or compliance