Security (GRC) Internship

UserTesting

Barcelona, Spain
Posted on Mar 5, 2025

We’re UserTesting, a leader in experience research and insights. We believe the path to human understanding and great experiences starts with a shared understanding: seeing and hearing how another person engages with the world around them and taking in their perspective. Working at UserTesting, you will be empowered to help organizations discover the human side of business, transforming how they work, collaborate, innovate, and bring new products and experiences to market. This is what inspires us, and it’s how we enable companies to connect with their audiences naturally and organically through an experience that is uniquely and intentionally human.

Trusted by top brands for 15+ years, UserTesting, which recently merged with UserZoom, has over 3,400 customers in 50 countries, including 75 of the Fortune 100 companies. Joining our team means being part of a passionate group focused on transforming how companies learn from and understand their customers. Come join us and help us build the engine for human understanding.

About the Team:
The Governance, Risk, and Compliance (GRC) Squad plays a crucial role in ensuring the organization's security policies, risk management frameworks, and regulatory compliance align with industry standards. The team is responsible for developing security policies, managing risk assessments, conducting internal audits, and ensuring compliance with frameworks such as ISO 27001, ISO 27701, SOC 2, GDPR, and other relevant regulations.

About the Role:
We are looking for a Security Governance, Risk and Compliance (GRC) Intern to join us in our Barcelona office, where they will receive mentorship and support from our Security team. During the internship, the selected candidate will contribute to strengthening UserTesting’s security posture and work on key projects related to security governance and compliance.
This internship position offers both full-time and part-time options.

What you will be doing:

  • Support compliance efforts for security frameworks such as ISO 27001, ISO 27701 and SOC 2.

  • Assist in maintaining and updating control monitoring tools, ensuring security controls are in place, gathering evidence, and preparing for audits.

  • Participate in security audits and track findings to ensure remediation.

  • Support the gradual implementation of an Artificial Intelligence (AI) Management System based on ISO 42001, ensuring compliance with best practices for AI governance.

  • Perform other duties as assigned to support the GRC Squad’s mission.

What we are looking for:

  • Currently pursuing or recently completed a Computer or Telecommunications Engineering degree (or similar).

  • Basic understanding of information security frameworks, including ISO 27001, is recommended.

  • Strong analytical skills and attention to detail.

  • Strong verbal and written communication skills. High-level English proficiency is required.

  • Curiosity and eagerness to learn about information security. No prior security or data protection experience is required.

Other duties:
This job description is intended to outline the primary responsibilities of the role but is not an exhaustive list of all duties, responsibilities, or activities. These may change at any time, with or without notice, based on business needs.

UserTesting is an Equal Opportunity Employer and a participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. We welcome people of different backgrounds, experiences, abilities and perspectives. UserTesting will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance, as applicable.