Information Security- Internship Barcelona

Since 2015 papernest has been transforming the way people manage their contracts making subscription management and switching simple through one smart intuitive platform.

We have supported more than 2 million customers across France Spain and Italy. Along the way we have continued to invest in new verticals establishing papernest as a high-performing innovative and competitive scale-up in a fast-growing market.

With over 900 employees we are strengthening our position as a European market leader.

Security at papernest is scaling up. We are looking for an organized and curious Information Security Intern to join our Infrastructure & Security team for a six-months internship starting from June.

You will work side-by-side with our Senior SecOps Engineer and report to the Head of Infrastructure. While the engineering team builds the technical defenses your mission is to build the process defenses ensuring that our security is documented compliant and clearly communicated across the company.

Your Mission

You will be the guardian of the framework. You will help turn our security activities into a structured audit-ready program focusing heavily on Governance Risk and Compliance (GRC).

Key Responsibilities

1. Compliance & Audit Readiness (NIS2 & PCI-DSS)

• Assist in the NIS2 compliance project by helping map our current measures against essential entity obligations.

• Support PCI-DSS oversight by collecting evidence (screenshots logs configs) and organizing them for external auditors.

• Help manage our continuous compliance platforms (e.g. assisting with Vanta-driven workflows) to ensure we are always audit-ready.

2. Policy Framework & Documentation

• Act as the librarian for our security knowledge. You will help centralize format and update our Security Policy Framework to ensure it is accessible to all employees.

• Work on Internal audit preparation by ensuring all procedures (from onboarding to incident response) are written down and up to date.

• Assist in documenting security KPIs and preparing reports for leadership.

3. Vendor & Third-Party Risk Management

• Take ownership of the Vendor security due diligence process. You will send out security questionnaires to new tools/partners and review their answers.

• Maintain our register of third-party risk assessments and ensure contractual security clauses are tracked.

4. Operational Support

• Assist the Senior Engineer in tracking vulnerability remediation by following up with developers to ensure tickets are closed on time.

• Help organize security awareness campaigns (phishing simulations training sessions) to boost our internal culture.

What We Are Looking For

• Student in Business (IT Management) Computer Science or Cybersecurity with a focus on GRC.

• Detail-Oriented: You love checklists organized folders and clear documentation.

• Strong Writing Skills: You can explain complex rules in simple clear English.

• Interest in Regulations: You are curious about GDPR NIS2 and PCI-DSS and want to learn how they apply to a real tech scale-up.

• Tech-Savvy: You dont need to be a coder but you are comfortable with tech tools (Jira Notion Excel) and understand the basics of how a SaaS company works.

Why this internship

• Mentorship: You will work directly with a Senior SecOps expert bridging the gap between legal requirements and technical reality.

• Real Impact: You wont just be filing papers; you will be building the compliance engine that allows papernest to operate in regulated markets.

What we offer :

Evolve in an international and inclusive environment: everyone has a place at papernest and with more than 46 different nationalities its not uncommon here to start a sentence in English and finish it en français o en español

Compensation & partnerships: your talent deserves to be rewarded! Enjoy a compensation of 800 monthly for your internship. We value every contribution and are committed to offering attractive remuneration for your efforts and dedication. Also with your papernest badge you will have access to various partner services (restaurants wellness centers mobility...).

Meals: a healthy and balanced breakfast is offered every Friday!

Career Development: at our company interns are not just photocopy-coffee assistants! As a full-fledged team member youre here to learn but also to share your ideas and implement projects. Youll be supported throughout your journey to maximize your skills and prepare for your future.

Remote Work: enjoy 1 day of remote work per week to optimize your focus and efficiency.

Hiring process:

• 1st call with Carmen Talent Acquisition

• 2nd call with the manager of the Infrastructure & Security team

• A technical test

Interested in this challenge

Then dont hesitate any longer; we look forward to meeting you! Regardless of your age gender background religion sexual orientation or disability you have a place with us. Our selection processes are designed to be inclusive and our work environment is adapted for everyone.

We particularly encourage applications from women. Even if you feel that you do not meet all the criteria outlined in this job posting know that every application is valuable. We firmly believe that diverse and varied backgrounds enrich our team. We will carefully consider your application as parity and diversity are essential assets for our success.