Information Security- Internship - Barcelona

<p><span>Since 2015, papernest has been transforming the way people manage their contracts, making subscription, management, and switching simple through one smart, intuitive platform.</span></p><p><span>We have supported more than 2 million customers across France, Spain, and Italy. Along the way, we have continued to invest in new verticals, establishing papernest as a high-performing, innovative, and competitive scale-up in a fast-growing market.</span></p><p><span>With over 900 employees, we are strengthening our position as a European market leader.&nbsp;</span></p><p><span>Security at papernest is scaling up. We are looking for an organized and curious Information Security Intern to join our Infrastructure &amp; Security team for a <strong>six-months internship</strong> starting from <strong>June</strong>.</span></p><p><span>You will work side-by-side with our Senior SecOps Engineer and report to the Head of Infrastructure. While the engineering team builds the technical defenses, your mission is to build the process defenses ensuring that our security is documented, compliant, and clearly communicated across the company.</span></p><h3><span><strong id="docs-internal-guid-8dd0063d-7fff-ba29-0b21-d847ad420664">Your Mission</strong></span></h3><p><span>You will be the "guardian of the framework." You will help turn our security activities into a structured, audit-ready program, focusing heavily on Governance, Risk, and Compliance (GRC).</span></p><h3><span><strong id="docs-internal-guid-8dd0063d-7fff-ba29-0b21-d847ad420664">Key Responsibilities</strong></span></h3><p><span><em>1. Compliance &amp; Audit Readiness (NIS2 &amp; PCI-DSS)</em></span></p><ul><li><p><span>Assist in the NIS2 compliance project by helping map our current measures against essential entity obligations.</span></p></li><li><p><span>Support PCI-DSS oversight by collecting evidence (screenshots, logs, configs) and organizing them for external auditors.</span></p></li><li><p><span>Help manage our continuous compliance platforms (e.g., assisting with Vanta-driven workflows) to ensure we are always audit-ready.</span></p></li></ul><p><span><em>2. Policy Framework &amp; Documentation</em></span></p><ul><li><p><span>Act as the librarian for our security knowledge. You will help centralize, format, and update our Security Policy Framework to ensure it is accessible to all employees.</span></p></li><li><p><span>Work on Internal audit preparation by ensuring all procedures (from onboarding to incident response) are written down and up to date.</span></p></li><li><p><span>Assist in documenting security KPIs and preparing reports for leadership.</span></p></li></ul><p><span><em>3. Vendor &amp; Third-Party Risk Management</em></span></p><ul><li><p><span>Take ownership of the Vendor security due diligence process. You will send out security questionnaires to new tools/partners and review their answers.</span></p></li><li><p><span>Maintain our register of third-party risk assessments and ensure contractual security clauses are tracked.</span></p></li></ul><p><span><em>4. Operational Support</em></span></p><ul><li><p><span>Assist the Senior Engineer in tracking vulnerability remediation by following up with developers to ensure tickets are closed on time.</span></p></li><li><p><span>Help organize security awareness campaigns (phishing simulations, training sessions) to boost our internal culture.</span></p></li></ul><h3><span><strong id="docs-internal-guid-8dd0063d-7fff-ba29-0b21-d847ad420664">What We Are Looking For</strong></span></h3><ul><li><p><span>Student in Business (IT Management), Computer Science, or Cybersecurity with a focus on GRC.</span></p></li><li><p><span>Detail-Oriented: You love checklists, organized folders, and clear documentation.</span></p></li><li><p><span>Strong Writing Skills: You can explain complex rules in simple, clear English.</span></p></li><li><p><span>Interest in Regulations: You are curious about GDPR, NIS2, an