Location: US, Remote. Must reside and work within the US for the duration of internship.
Internship Overview:
Be part of the mission to protect people, data, and trust. This 10‑week internship gives you hands‑on experience supporting critical cybersecurity and risk programs, helping ensure the company works securely with partners and builds a culture of security awareness. You’ll contribute to meaningful, real‑world work while developing skills that directly impact organizational resilience.
Our Security Analyst Intern must have reliable availability during agreed-upon collaboration windows for meetings and check-ins, communicate progress asynchronously, and meet weekly deliverables.
Key Responsibilities:
Assist with vendor risk assessments by collecting due diligence artifacts (e.g., SOC reports, security questionnaires, policies) and tracking status.
Review questionnaire responses and evidence for completeness; summarize observations and follow up with vendors and internal stakeholders for clarifications.
Help document vendor risks, compensating controls, and remediation items in the company’s third-party risk management (TPRM) system; maintain clean, audit-ready records.
Support security awareness training planning: build and maintain the training calendar, coordinate campaign logistics, and assist with rollout communications.
Assist with awareness platform setup (as applicable): user/group uploads, assignment rules, testing workflows, and QA of training modules and phishing simulations.
Track participation, completion, and simulation results; help produce simple metrics dashboards and end-of-campaign summaries.
Draft and update program documentation, job aids, FAQs, and internal wiki pages related to vendor assessments and security awareness.
Provide general support for GRC and security program activities as needed (e.g., meeting notes, light research, process improvement tasks).
Internship Requirements:
Currently pursuing a Bachelor’s or Master’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field.
Interest in (or coursework related to) third-party risk management, security governance, or compliance.
Strong organizational skills and attention to detail; able to manage multiple tasks and follow documented processes.
Familiarity with common security and privacy frameworks/attestations (e.g., SOC 2, ISO 27001, NIST CSF) is a plus; willingness to learn is required.
Clear written and verbal communication skills; comfortable collaborating with internal teams and following up with vendors professionally.
Proficiency with Microsoft Office (especially Excel) or Google Workspace; able to learn new tools quickly.
Able to work effectively in a fully remote environment, including participating in virtual meetings and communicating status clearly.
Must have reliable home office internet access.
Preferred Skills:
Experience with or interest in creating training content, communications, or internal documentation (e.g., writing, editing, basic design).
Comfort working with basic metrics and reporting (e.g., pivot tables/charts) and/or familiarity with learning management systems or security awareness platforms is a nice to have.
To learn more about our organization and the exciting work we do, visit www.cambiumlearning.com
Our Remote First approach gives employees the flexibility and trust they need to effectively balance work with life. It creates a culture in which all employees are valued and where success is measured in results. It allows us to work collaboratively, inclusively and for greater positive impact, regardless of our individual locations.
If you will be working remotely, either occasionally or on a permanent basis, you must have a reliable internet connection through a cable or fiber-optic broadband service with minimum speeds of 10 Mbps download and 5 Mbps upload.
The successful candidate will be expected to actively participate in video-based interviews during the recruiting process and ongoing virtual meetings with their camera on, as part of their role. To maintain confidentiality and ensure a fair evaluation process, the use of note-taking tools, reference materials, or AI-powered tools (including generative AI, language models, or similar technologies) during interviews or other selection activities is prohibited unless prior written approval has been obtained from the People Experience team. If you require an exception for medical, accessibility, or other reasons, please contact your Talent Acquisition team member to discuss accommodations in advance.
As part of our Remote-First benefits, Cambium offers reimbursement to help cover the cost of setting up your home or remote office.
An Equal Opportunity Employer
We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex (including pregnancy, gender, gender identity/expression, or sexual orientation), national origin, protected veteran status, disability, or genetic information (including family medical history).
We will provide reasonable accommodations for qualified individuals with disabilities. You may request an accommodation during the recruiting process with your Talent Acquisition team member.