Information Security Intern - Papernest H/F Papernest

Your mission :

You will be the "guardian of the framework." You will help turn our security activities into a structured, audit-ready program, focusing heavily on Governance, Risk, and Compliance (GRC).

Key Responsibilities

1. Compliance & Audit Readiness (NIS2 & PCI-DSS)

- Assist in the NIS2 compliance project by helping map our current measures against essential entity obligations.
- Support PCI-DSS oversight by collecting evidence (screenshots, logs, configs) and organizing them for external auditors.
- Help manage our continuous compliance platforms (e.g., assisting with Vanta-driven workflows) to ensure we are always audit-ready.

2. Policy Framework & Documentation

- Act as the librarian for our security knowledge. You will help centralize, format, and update our Security Policy Framework to ensure it is accessible to all employees.
- Work on Internal audit preparation by ensuring all procedures (from onboarding to incident response) are written down and up to date.
- Assist in documenting security KPIs and preparing reports for leadership.

3. Vendor & Third-Party Risk Management

- Take ownership of the Vendor security due diligence process. You will send out security questionnaires to new tools/partners and review their answers.
- Maintain our register of third-party risk assessments and ensure contractual security clauses are tracked.

4. Operational Support

- Assist the Senior Engineer in tracking vulnerability remediation by following up with developers to ensure tickets are closed on time.
- Help organize security awareness campaigns (phishing simulations, training sessions) to boost our internal culture.

Your profile :

Student in Business (IT Management), Computer Science, or Cybersecurity with a focus on GRC.

- Detail-Oriented: You love checklists, organized folders, and clear documentation.
- Strong Writing Skills: You can explain complex rules in simple, clear English.
- Interest in Regulations: You are curious about GDPR, NIS2, and PCI-DSS and want to learn how they apply to a real tech scale-up.

Tech-Savvy: You don't need to be a coder, but you are comfortable with tech tools (Jira, Notion, Excel) and understand the basics of how a SaaS company works.

What we offer :

Evolve in an international and inclusive environment: everyone has a place at papernest, and with more than 46 different nationalities, it's not uncommon here to start a sentence in English and finish it en français o en español ¡

Compensation & partnerships: your talent deserves to be rewarded! Enjoy a competitive compensation for your internship. We value every contribution and are committed to offering attractive remuneration for your efforts and dedication. Also, with your papernest badge, you will have access to various partner services (restaurants, wellness centers, mobility...).

Meals: a healthy and balanced breakfast is offered every Tuesday!

Career Development: at our company, interns are not just photocopy-coffee assistants! As a full-fledged team member, you're here to learn, but also to share your ideas and implement projects. You'll be supported throughout your journey to maximize your skills and prepare for your future.

Remote Work: enjoy 1 day of remote work per week to optimize your focus and efficiency.

Interested in this challenge?

Then don't hesitate any longer; we look forward to meeting you! Regardless of your age, gender, background, religion, sexual orientation, or disability, you have a place with us. Our selection processes are designed to be inclusive, and our work environment is adapted for everyone.

We particularly encourage applications from women. Even if you feel that you do not meet all the criteria outlined in this job posting, know that every application is valuable. We firmly believe that diverse and varied backgrounds enrich our team. We will carefully consider your application, as parity and diversity are essential assets for our success.

This year marks 10 years since we launched the idea that it is possible to simplify our customers' lives by offering an innovative solution that allows them to easily subscribe to, manage, and switch all types of contracts via a unique and intuitive platform.

In the meantime, we have supported more than 2 millions customers in France, Spain, and Italy, while investing in new verticals, positioning ourselves as a highly efficient, innovative, and competitive scale-up in a rapidly growing market.

With over 900 employees spread across 3 locations, we are consolidating our position as a market leader in Europe. We are always on the lookout for talent ready to join a dedicated and motivated team driven by a meaningful project. Working with us means embracing a culture of excellence, innovation, and real impact.

You will be the "guardian of the framework." You will help turn our security activities into a structured, audit-ready program, focusing heavily on Governance, Risk, and Compliance (GRC).

1. Compliance & Audit Readiness (NIS2 & PCI-DSS)

- Assist in the NIS2 compliance project by helping map our current measures against essential entity obligations.
- Support PCI-DSS oversight by collecting evidence (screenshots, logs, configs) and organizing them for external auditors.
- Help manage our continuous compliance platforms (e.g., assisting with Vanta-driven workflows) to ensure we are always audit-ready.

Assist in the NIS2 compliance project by helping map our current measures against essential entity obligations.

Support PCI-DSS oversight by collecting evidence (screenshots, logs, configs) and organizing them for external auditors.

Help manage our continuous compliance platforms (e.g., assisting with Vanta-driven workflows) to ensure we are always audit-ready.

2. Policy Framework & Documentation

- Act as the librarian for our security knowledge. You will help centralize, format, and update our Security Policy Framework to ensure it is accessible to all employees.
- Work on Internal audit preparation by ensuring all procedures (from onboarding to incident response) are written down and up to date.
- Assist in documenting security KPIs and preparing reports for leadership.

Act as the librarian for our security knowledge. You will help centralize, format, and update our Security Policy Framework to ensure it is accessible to all employees.

Work on Internal audit preparation by ensuring all procedures (from onboarding to incident response) are written down and up to date.

Assist in documenting security KPIs and preparing reports for leadership.

3. Vendor & Third-Party Risk Management

- Take ownership of the Vendor security due diligence process. You will send out security questionnaires to new tools/partners and review their answers.
- Maintain our register of third-party risk assessments and ensure contractual security clauses are tracked.

Take ownership of the Vendor security due diligence process. You will send out security questionnaires to new tools/partners and review their answers.

Maintain our register of third-party risk assessments and ensure contractual security clauses are tracked.

4. Operational Support

- Assist the Senior Engineer in tracking vulnerability remediation by following up with developers to ensure tickets are closed on time.
- Help organize security awareness campaigns (phishing simulations, training sessions) to boost our internal culture.

Assist the Senior Engineer in tracking vulnerability remediation by following up with developers to ensure tickets are closed on time.

Help organize security awareness campaigns (phishing simulations, training sessions) to boost our internal culture.

- Detail-Oriented: You love checklists, organized folders, and clear documentation.
- Strong Writing Skills: You can explain complex rules in simple, clear English.
- Interest in Regulations: You are curious about GDPR, NIS2, and PCI-DSS and want to learn how they apply to a real tech scale-up.

Detail-Oriented: You love checklists, organized folders, and clear documentation.

Strong Writing Skills: You can explain complex rules in simple, clear English.

Interest in Regulations: You are curious about GDPR, NIS2, and PCI-DSS and want to learn how they apply to a real tech scale-up.

Tech-Savvy: You don't need to be a coder, but you are comfortable with tech tools (Jira, Notion, Excel) and understand the basics of how a SaaS company works.

Evolve in an international and inclusive environment: everyone has a place at papernest, and with more than 46 different nationalities, it's not uncommon here to start a sentence in English and finish it en français o en español ¡

Compensation & partnerships: your talent deserves to be rewarded! Enjoy a competitive compensation for your internship. We value every contribution and are committed to offering attractive remuneration for your efforts and dedication. Also, with your papernest badge, you will have access to various partner services (restaurants, wellness centers, mobility...).

Meals: a healthy and balanced breakfast is offered every Tuesday!

Career Development: at our company, interns are not just photocopy-coffee assistants! As a full-fledged team member, you're here to learn, but also to share your ideas and implement projects. You'll be supported throughout your journey to maximize your skills and prepare for your future.

Remote Work: enjoy 1 day of remote work per week to optimize your focus and efficiency.

Interested in this challenge?

Then don't hesitate any longer; we look forward to meeting you! Regardless of your age, gender, background, religion, sexual orientation, or disability, you have a place with us. Our selection processes are designed to be inclusive, and our work environment is adapted for everyone.

We particularly encourage applications from women. Even if you feel that you do not meet all the criteria outlined in this job posting, know that every application is valuable. We firmly believe that diverse and varied backgrounds enrich our team. We will carefully consider your application, as parity and diversity are essential assets for our success.

At papernest, we believe life is too short for paperwork.

Our free digital platform allows users to centralize, optimize, subscribe to, and cancel all their contracts in just a few clicks: electricity, internet, insurance, and more. And this is only the beginning. From streaming services to everyday essentials, we're building tools that return time and peace of mind.