Internship Interactive Gamified Session ISMS Simulation

NVISO is a pure-play cyber security consulting firm: our team is composed of security professionals who each have their specific field of expertise ranging from Information Security Governance Risk & Compliance to Incident Response Penetration Testing CSIRT/SOC Software Security and Training & Awareness. This fantastic blend of skills enables us to help organizations prevent detect and respond to complex security challenges.

Tasks

As a Cybersecurity Governance Intern you will design and develop an interactive gamified simulation of an ISMS project helping participants experience what its like to build and operate an ISO 27001 information security management system in a realistic environment.

The objective is to create a learning-by-doing experience where players take on roles (CISO ISMS core team legal procurement etc.) make governance and risk decisions produce simplified deliverables (risk register SoA policies) and see the impact of their decisions through a simulated audit or scoring mechanism.

The audience the exercise is addressed too are both NVISO employees lacking specific expertise in the fields but customers and their teams as well.

This project will combine content design game mechanics and cybersecurity governance knowledge and will be used internally to train consultants or externally as a client awareness exercise.

Responsibilities

• Design the fictional company scenario including sector size IT landscape assets and organization chart

• Develop game mechanics and materials such as:

• Decision or game cards (assets risks controls policies)

• Role cards for different players (CISO Legal Procurement etc.)

• Scoring system simulating audit performance and risk exposure.

• Draft ISMS deliverables (risk register SoA policy templates) for use in the simulation.

• Create facilitator documentation:

• Game rules timing and facilitator script

• Presentation slides and templates for each round

• Evaluation sheet and debrief material

• Prototype and test the game including:

• One internal pilot session to validate clarity and timing

• Adjustment of content based on participant feedback

• Optionally: explore digitalization.

Requirements

• Currently pursuing a degree or master degree in Cybersecurity Governance Computer Science Data Analytics or a related field;
• Basic understanding of ISO 27001 and information security governance;
• Strong analytical and synthesis skills with attention to detail and consistency;
• Interest in education gamification and innovation in training methods;
• Creativity and problem-solving mindset;
• Excellent written communication skills in English;
• Curious methodical and comfortable working with documentation and regulatory content.

Benefits

Output of Internship
By the end of the internship the student will have produced:

• A fully operational gamified ISMS simulation ready for use in internal training or client workshops.
• A complete set of facilitator and player materials including roles scenarios cards slides and evaluation templates.
• A pilot report summarizing lessons learned and improvement ideas.
• Valuable practical knowledge of ISO 27001 governance ISMS implementation logic and cybersecurity awareness design.

Learning Opportunities

• Hands-on exposure to the structure of an ISMS project and ISO 27001 certification logic.
• Experience in training design and gamification methodologies.
• Collaboration with NVISO consultants to ensure alignment with real governance practices.
• Insight into how to translate technical and governance concepts into engaging interactive learning tools.

Disclaimer on the Use of AI Tools in the Application Process

Please be aware that the creation and submission of application documents (e.g. CV cover letter case studies etc.) using AI-powered tools is only permitted to a limited extent.

Our expectations:

Application documents must authentically reflect your own qualifications personality and motivation.

The use of AI for supportive purposes (e.g. spell-checking improving wording) is acceptable.

Fully generated application documents created by AI without personal adaptation or review are not permitted.

Under no circumstances may NVISO information data or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.