Information Security — GRC (Intern)

  • Islamabad, Islamabad Capital Territory, Pakistan
  • Internship
  • Hybrid

Job Description:

AirOverflow is looking for a methodical, detail-oriented, and compliance-minded Information Security Intern to join our Governance, Risk, and Compliance (GRC) function. While offensive security often takes the spotlight in cybersecurity, GRC is the backbone that keeps organizations accountable, audit-ready, and resilient, and at AirOverflow we treat it with exactly that level of seriousness.

In this role, you will receive direct, hands-on exposure to some of the most widely recognized and respected frameworks in the information security world: SOC 2, ISO 27001, and ISO 42001. You will not simply be reading about these frameworks in theory; you will be actively involved in the processes, documentation, controls mapping, risk assessments, and compliance workflows that bring them to life within a real security organization.

A significant and intentional part of this internship is working with modern compliance automation platforms, specifically Vanta, Drata, or Probo, the tools GRC professionals rely on to manage evidence collection, control monitoring, vendor assessments, and audit readiness at scale. AirOverflow believes that the next generation of GRC professionals needs to be fluent in both the frameworks and the platforms that operationalize them, and this internship is specifically designed to deliver both. If you find structure, documentation, and systematic risk thinking as exciting as breaking systems, you will thrive here and build a foundation that opens doors across the entire information security industry.


A Note on Requirements: Our requirements for internship positions are not strict. The job description simply outlines what we would love for you to have — not a checklist you must fully satisfy. If you are curious, driven, and eager to learn, we want to hear from you.


What You'll Do

  • Assist in implementing and maintaining controls aligned with SOC 2 (AICPA Trust Services Criteria), ISO 27001, and ISO 42001
  • Support evidence collection, documentation, and audit preparation activities across active compliance programs
  • Work directly within compliance automation platforms — Vanta, Drata, or Probo — to monitor control status, track remediation tasks, and manage evidence requests
  • Assist in conducting internal risk assessments, gap analyses, and vendor security reviews
  • Help maintain and update information security policies, procedures, and control documentation
  • Support the mapping of organizational processes and controls to relevant framework requirements
  • Track and follow up on open findings, remediation timelines, and control owner responsibilities
  • Research updates to compliance frameworks, regulatory changes, and industry best practices
  • Contribute to audit readiness activities and liaise with internal teams to gather required evidence


What We're Looking For

  • Basic understanding of information security principles, risk management, and compliance concepts
  • Basic familiarity with at least one of the following frameworks: SOC 2, ISO 27001, or ISO 42001 — even at a conceptual or academic level
  • Exposure to or awareness of compliance automation platforms such as Probo, Drata, or Vanta
  • Strong organizational skills with exceptional attention to detail
  • Ability to manage documentation, track tasks, and follow structured processes consistently
  • Clear written communication skills — GRC is documentation-heavy and precision matters
  • A methodical, process-driven mindset with the ability to work across multiple workstreams simultaneously
  • Self-motivated with the ability to take ownership of assigned tasks and follow through independently


Nice to Have

  • Hands-on experience using Probo, Drata, or Vanta — even in a personal, academic, or trial capacity
  • Prior exposure to internal audits, vendor assessments, or security questionnaires
  • Understanding of data privacy regulations such as GDPR or Pakistan's PDPA
  • Familiarity with risk frameworks such as NIST CSF, ISO 31000, or COBIT
  • Any coursework or certifications in information security management, such as ISO 27001 Foundation or CompTIA Security+
  • Experience drafting or reviewing security policies and procedures


What We Provide

  • Direct, practical exposure to SOC 2, ISO 27001, and ISO 42001 compliance programs in an active security organization
  • Hands-on working experience with industry-leading compliance platforms — Probo, Drata, or Vanta
  • Mentorship from experienced GRC and information security professionals
  • Internship certificate and letter of recommendation upon successful completion
  • A structured learning environment that builds both framework knowledge and practical platform fluency
  • Potential to transition into a full-time GRC role based on performance
  • A strong, verifiable foundation in GRC that is directly valued across industries including fintech, healthtech, SaaS, and enterprise security