
Malt · Paris
🪐 Discover our galaxy Join the Future of Work ! Malt is Europe's leading freelance marketplace, connecting over 1,000,000 talented freelancers with 100,000+ ...
🪐 Discover our galaxy
Join the Future of Work ! Malt is Europe's leading freelance marketplace, connecting over 1,000,000 talented freelancers with 100,000+ companies. Founded in 2013, we're transforming how work gets done through our tech-powered, human-centered platform. What makes us different:
Ready to help shape the future of work? Your next chapter starts here! 🪐
At Malt we believe that Ambition is the Way, so all lists of missions and responsibilities are non-exhaustive.
Explore your future career 🔭
You'll be joining the Security team, directly supporting the Head of Security.
Small team, big scope : we operate across GRC, application security, fraud, and incident response.
This isn't a "write policies in a corner" internship.
You'll get hands-on exposure to the full spectrum of security topics and be expected to take real ownership from day one.
This internship can turn into a permanent role if it’s a mutual fit.
ABOUT ARTEFACT Artefact is a global data and AI consultancy that helps organizations create value from data, technology, and artificial intelligence. Artefact Netherlands works with clients on data-driven transformation, analytics, AI, digital marketing, and technology implementation. As our organization continues to grow, information security is becoming increasingly important for our clients, partners, and internal operations. To strengthen our security posture and meet regulatory and customer requirements, Artefact Netherlands is preparing to implement an Information Security Management System, or ISMS, and work towards ISO 27001 certification. ABOUT THE ASSIGNMENT Artefact Netherlands is looking for a motivated graduation intern who will support the implementation of an Information Security Management System and help prepare the organization for ISO 27001 certification. The goal of the internship is to help Artefact Netherlands reduce information security risks, improve governance, and become demonstrably compliant with relevant regulations and customer requirements. A key part of this objective is achieving readiness for ISO 27001 certification. You will work closely with the Artefact project manager and will have access to relevant policies, systems, documentation, and internal stakeholders. In addition, a sounding board from Artefact’s headquarters in France will be available to provide knowledge, feedback, and alignment with the broader Artefact organization. The scope and timelines of the project are clearly defined. Dedicated time for mentorship and guidance will be provided throughout the internship. YOUR RESPONSIBILITIES During the internship, you may work on activities such as: * Performing an ISO 27001 gap analysis against the current situation. * Supporting the definition of the ISMS scope. * Mapping relevant assets, processes, stakeholders, and information flows. * Supporting the setup of a risk assessment methodology. * Creating or improving the information security risk register. * Identifying required ISO 27001 controls and assessing their applicability. * Supporting the development of a draft Statement of Applicability. * Reviewing and improving information security policies and procedures. * Helping define evidence requirements for certification readiness. * Supporting awareness and communication activities within the organization. * Preparing a practical implementation roadmap towards ISO 27001 certification. * Documenting findings and recommendations in a graduation thesis. The exact scope of the assignment will be aligned with the student’s study program, interests, and graduation requirements. YOUR PROFILE We are looking for a proactive and curious student who is interested in the intersection of information security, business processes, risk management, governance, and organizational change. You are currently studying in a relevant field such as Business IT & Management, HBO-ICT, Cyber Security, Information Security, Information Management, Business Information Technology, IT Service Management, Information Science, or Risk Management/IT Governance. You do not need to be an ISO 27001 expert yet, but you are motivated to learn and enjoy working on topics where technology, organization, risk, and compliance come together. To be successful in this role, you bring: * Analytical skills: You can understand complex processes, identify gaps, structure information, and translate findings into practical recommendations. * Affinity with information security: You are interested in cybersecurity, risk management, compliance, governance, or related topics. Knowledge of ISO 27001 is a plus. * A structured way of working: You can organize your work, document findings clearly, and manage your own deliverables. * Strong communication skills: You are comfortable engaging with different stakeholders and translating complex topics into clear language. * Critical thinking and pragmatism: You can assess risks, challenge assumptions, and balance security requirements with business needs. * Availability: You are available for a 5-6 month graduation internship and are able to work in a hybrid setup from our Utrecht office. WHAT YOU WILL LEARN This internship offers the opportunity to gain hands-on experience with a real ISO 27001 implementation trajectory in a professional consultancy environment. During the internship, you will learn how to: * Set up and structure an Information Security Management System. * Understand the practical application of ISO 27001. * Conduct a security gap analysis. * Perform or support information security risk assessments. * Translate security risks into concrete improvement actions. * Work with governance, policies, procedures, controls, and evidence. * Prepare an organization for certification readiness. * Engage with stakeholders across business, technology, and management. * Balance compliance, risk reduction, and practical implementation. * Work in an international organization with support from both local and global stakeholders. * Develop a graduation thesis with direct practical value. You will gain valuable experience in information security governance, risk management, and compliance. These are highly relevant skills for future roles such as information security officer, security consultant, IT risk consultant, privacy/security analyst, business IT consultant, or GRC specialist. WHAT WE OFFER * A competitive internship salary, an NS Business Card to travel to the office, great office lunches, a strong company culture, and other employee benefits. * A clearly scoped graduation assignment with practical business relevance. * Close collaboration with an Artefact project manager. * Dedicated mentorship and guidance throughout the internship. * Access to relevant policies, systems, documentation, and stakeholders. * A sounding board from Artefact headquarters in France. * Exposure to a professional data, AI, and technology consultancy environment. * Dedicated time to work on your graduation thesis (approximately two days per week). * A hybrid working environment from our Utrecht office. * The opportunity to make a visible contribution to Artefact Netherlands’ information security maturity. INTERESTED? Are you looking for a graduation internship in information security, ISO 27001, risk management, and IT governance? We would like to hear from you. Please send your CV and a short motivation explaining why this assignment interests you. POSSIBLE RESEARCH QUESTION A possible graduation research question could be: How can Artefact Netherlands implement an effective and pragmatic Information Security Management System in order to reduce information security risks and become ready for ISO 27001 certification? This research question can be further refined together with the student and the educational institution to ensure it meets graduation requirements.
WHO WE ARE Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work. ABOUT US: Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money. In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays.. This internship will take place from September – December 2026 and you will need to be able to work out of our SF office during this time. ABOUT THE ROLE: Millions of people use Notion — and this number is increasing every day. Our users depend on us to deliver a secure, consistent and trustworthy experience, and we value this more than anything. We want to keep building on that trust, while also continuing to amaze our users with the tools they can build in Notion. This is where you come in — partnering with teams across the organization to envision, plan and build Notion's Information Security posture for governance, risk and compliance. WHAT YOU'LL ACHIEVE: * Helping mature, and scale our Security Compliance, Sales Enablement, Training and Governance program. * Driving compliance evidence automation via building custom connectors * Supporting staff training around Security. * Scaling our on-call workflows to meet growing business demand using custom AI agents and automation. * Working cross-functionally to retain SOC2 Type II, ISO 27001, HIPAA, and other security certifications that exhibit assurance internally and externally. QUALIFICATIONS: * Pursuing a Bachelor's or Master’s degree in Computer Science, Information Technology, Management Information Systems, Cybersecurity, or another related field. * Previous internship experience. * Understanding of AI agents and AI-enabled coding tools. * Proficiency in Python, Rest API calls. * Experience independently executing tasks that require collaboration across multiple teams and time zones. * Ability to communicate nuanced ideas clearly when communicating with stakeholders. * A collaborative mindset—you enjoy working cross-functionally to accomplish shared goals and care about learning, growing, and helping others do the same. * This internship will take place from January – April 2026 and you will need to be able to work out of our SF office during this time. * You don’t need to be an AI expert, but you’re curious and willing to adopt AI tools to work smarter and deliver better results NICE TO HAVES: * Prior projects or work experience in the Security GRC domain, * Security credentials such as CISSP, CRISC, or ISO 27001 Lead Implementer. * Proficiency in SOAR (security orchestration & automation tools like Tines. We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you’re excited about a role but your past experience doesn’t align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you’re a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you. Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know. Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco, the estimated base hourly rate for this role is $50 - $54 based on qualifications. By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy. #LI-Onsite A NOTE ON AI You don’t need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement — when that’s the case, we'll say so explicitly in the qualifications. People who thrive here don’t treat AI as a novelty. They use it to think better, and make their work easier for others to build on. EQUAL OPPORTUNITY & ACCOMMODATIONS We hire talented people from a wide range of backgrounds. If you’re excited about this role but don’t meet every bullet, we still encourage you to apply. Notion is an equal opportunity employer and does not discriminate on the basis of any legally protected characteristic. Consistent with applicable law, we will consider for employment qualified applicants with arrest and conviction records. Notion provides reasonable accommodations during the application process; if you need one, please let your recruiter know. Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.
🏨 L'ENTREPRISE Resilience transforme la prise en charge des patients en oncologie, gastro-entérologie et psychiatrie en améliorant l'accès aux soins et l'accompagnement sur toute la durée du parcours. Nos applications de santé ne doivent pas seulement améliorer la vie des patients : notre travail consiste à développer des techniques et des processus pour minimiser les risques sur les patients. Rejoindre Resilience, c'est contribuer à une mission concrète dans un environnement scale-up où autonomie et impact sont au cœur de notre culture. 📝 TON RÔLE En quelques mots : Tu es owner du programme de conformité sécurité (ISO 27001) au sein de l’équipe QARA (Quality, Assurance & Regulatory Affairs). Ta mission : Animer et piloter notre système de management de la sécurité de l'information (SMSI) et garantir la cohérence au système qualité existant (SMQ). C'est un poste spécialisé en GRC (Gouvernance, Risques et Conformité), avec une forte sensibilité santé : tu sais lire les exigences réglementaires qui touchent à la sécurité, tu travailles main dans la main avec tes collègues et le Security Manager, mais tu restes ancré dans ton cœur de métier tout en gardant en tête l'impact final sur le patient. Ton impact : Tu es le moteur opérationnel qui permet à Resilience de se développer sereinement sur des marchés régulés (santé, données sensibles) en garantissant notre posture de sécurité et notre crédibilité auprès des clients, partenaires et autorités. Ton quotidien : * Piloter et automatiser le SMSI ISO 27001 : Gestion proactive du programme ISO 27001— contrôles, registre des risques, politiques, audits, actions correctives. Construire et améliorer les workflows d'automatisation (Notion, agents IA, reporting) pour rester en permanence audit-ready avec une vraie curiosité pour l'innovation technologique. * Interface SMSI / cybersécurité des dispositifs médicaux : Assurer la cohérence entre SMSI et SMQ, monter en compétence pour accompagner les exigences de cybersécurité DM (IEC 81001-5-1, IEC 62443, SBOM, MDR Annexe I §17) en appui de l'équipe QARA, contribuer aux dossiers techniques et audits sur les volets sécurité, accompagner le gap assessment DiGA (BSI TR-03161) côté sécurité, assurer la veille FDA cybersecurity. * Préparer de nouveaux cadres réglementaires : Anticiper et traduire les exigences NIS2, HIPAA, SOC2 en contrôles pragmatiques et livrables concrets. ✨ TON ÉQUIPE Ici, on ne travaille pas en silo. Tu rejoins une structure agile où la conformité est un vrai sport d'équipe : * Ta Manager : Yasmine, la gardienne de la conformité réglementaire de nos dispositifs médicaux (DM). Elle t’apportera la vision stratégique "Santé" pour aligner tes chantiers sécurité avec les exigences du marché et te fera monter en compétence sur notre secteur. * Ton équipe de cœur (QARA) : Un trio d'experts passionnés. Ce sont tes interlocuteurs quotidiens pour tout ce qui touche au SMQ, aux dossiers techniques MDR et à la préparation des audits. * Ton binôme technique : Le Security Manager. Il est l'architecte des fondations techniques et de la défense. De ton côté, tu es le référent GRC / SMSI : tu traduis la technique en conformité et tu structures la gouvernance. * Le petit ➕ de l'équipe : Un contexte unique où sécurité de l'information et qualité dispositifs médicaux se rejoignent dans un système de management unifié. Tu seras au cœur de cette intégration, avec un impact direct sur des produits qui améliorent la vie de patients atteints de cancer. 👤 PROFIL RECHERCHÉ ⚙️ Tu es la bonne personne si tu sais : * Piloter et gérer un ISMS ISO 27001 (gestion des risques, audits internes, conception des preuves, actions correctives) * Traduire des exigences réglementaires en contrôles pragmatiques adaptés aux équipes techniques * Automatiser des workflows de conformité (collecte d'évidences, reporting, métriques) * Utiliser des outils modernes (Notion, Agents IA, systèmes de ticketing, bases de données) * Communiquer efficacement à l'écrit et à l'oral avec des stakeholders variés (technique, business, leadership) * Parler Anglais (B1) 🙂 Tu es la bonne personne si tu as : * Un fort sens de l'ownership : tu mènes tes sujets jusqu'au bout et débloques proactivement les autres. * Une approche pragmatique et orientée résultats, avec une capacité à embarquer les autres sur l'importance de la mission. * Du pragmatisme : tu sécurises sans ralentir - conformité élevée sans alourdir le quotidien des équipes. * Une excellente capacité de collaboration : tu construis la confiance avec les équipes techniques. * Une vraie curiosité pour les environnements régulés santé — tu n'as pas peur de lire un texte réglementaire et d'en tirer des implications concrètes * Un confort avec l'ambiguïté et l'autonomie en environnement scale-up. 📃 Tu es la bonne personne si tu as déjà : * + de 2 ans d'expérience en Gouvernance, Risques et Conformité (GRC) dans un environnement tech (SaaS fortement préféré, ou en cabinet de conseil avec une forte envie de passer chez le client final). * Travaillé en transverse avec des équipes engineering, product, legal. * Mis en place ou amélioré des processus de conformité dans un contexte de croissance. * Répondu à des questionnaires de sécurité clients, due diligence fournisseurs, ou audits externes. C'est un plus si tu : * Es certifié(e) ISO 27001 Lead Implementer ou Lead Auditor. * As une expérience en healthtech ou dispositifs médicaux. * Connais les exigences de cybersécurité DM (MDR §17, IEC 81001-5-1, SBOM) — la curiosité suffit si le reste est solide. 💛 POURQUOI NOUS REJOINDRE ? * Impact direct et ownership stimulant : Tu construis et animes le moteur de conformité. Tu ne maintiens pas de la documentation, tu conçois des systèmes, automatises des workflows et façonnes la manière dont la conformité fonctionne dans toute l'entreprise. * Culture pragmatique et automation-first : Nous utilisons des outils modernes (Notion, agents IA, automatisation de workflows) et travaillons en étroite collaboration avec les équipes techniques. Tu auras la liberté de construire des solutions intelligentes et scalables. * Mission à impact dans la santé : Ton travail permet de servir des populations vulnérables tout en maintenant les plus hauts standards de sécurité et de conformité. Impact concret sur l'amélioration de la prise en charge des patients. * Remote-first avec reporting direct : Travaille de n'importe où en France avec une équipe qui valorise la confiance, l'autonomie et la collaboration asynchrone. * Un contexte réglementaire rare et stimulant : Tu opères à l'intersection de la sécurité de l'information et des dispositifs médicaux — MDR, SMQ, SMSI, FDA. Un périmètre exceptionnel pour monter en compétence sur des enjeux de premier plan. GDPR : Your personal data will be processed for the purposes of recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. They will be available only for people involved in the process and erased after 2 years of inactivity. Under GDPR and as Resilience attach great importance to privacy, please note that you have the right to request access to your personal data, to request that your personal data be rectified or erased. The Data Protection Officer can be contacted at privacy@resilience.care For more information, please check our privacy policy.