Graduation Internship: Iso 27001 / Information Security Management System

About Artefact

Artefact is a global data and AI consultancy that helps organizations create value from data, technology, and artificial intelligence. Artefact Netherlands works with clients on data-driven transformation, analytics, AI, digital marketing, and technology implementation.

As our organization continues to grow, information security is becoming increasingly important for our clients, partners, and internal operations. To strengthen our security posture and meet regulatory and customer requirements, Artefact Netherlands is preparing to implement an Information Security Management System, or ISMS, and work towards ISO 27001 certification.

About the assignment

Artefact Netherlands is looking for a motivated graduation intern who will support the implementation of an Information Security Management System and help prepare the organization for ISO 27001 certification.

The goal of the internship is to help Artefact Netherlands reduce information security risks, improve governance, and become demonstrably compliant with relevant regulations and customer requirements. A key part of this objective is achieving readiness for ISO 27001 certification.

You will work closely with the Artefact project manager and will have access to relevant policies, systems, documentation, and internal stakeholders. In addition, a sounding board from Artefact's headquarters in France will be available to provide knowledge, feedback, and alignment with the broader Artefact organization.

The scope and timelines of the project are clearly defined. Dedicated time for mentorship and guidance will be provided throughout the internship.

Your responsibilities

During the internship, you may work on activities such as:

• Performing an ISO 27001 gap analysis against the current situation.
• Supporting the definition of the ISMS scope.
• Mapping relevant assets, processes, stakeholders, and information flows.
• Supporting the setup of a risk assessment methodology.
• Creating or improving the information security risk register.
• Identifying required ISO 27001 controls and assessing their applicability.
• Supporting the development of a draft Statement of Applicability.
• Reviewing and improving information security policies and procedures.
• Helping define evidence requirements for certification readiness.
• Supporting awareness and communication activities within the organization.
• Preparing a practical implementation roadmap towards ISO 27001 certification.
• Documenting findings and recommendations in a graduation thesis.

The exact scope of the assignment will be aligned with the student's study program, interests, and graduation requirements.

Your profile

We are looking for a proactive and curious student who is interested in the intersection of information security, business processes, risk management, governance, and organizational change.

You are currently studying in a relevant field such as Business IT & Management, HBO-ICT, Cyber Security, Information Security, Information Management, Business Information Technology, IT Service Management, Information Science, or Risk Management/IT Governance.

You do not need to be an ISO 27001 expert yet, but you are motivated to learn and enjoy working on topics where technology, organization, risk, and compliance come together.

To be successful in this role, you bring:

• Analytical skills: You can understand complex processes, identify gaps, structure information, and translate findings into practical recommendations.
• Affinity with information security: You are interested in cybersecurity, risk management, compliance, governance, or related topics. Knowledge of ISO 27001 is a plus.
• A structured way of working: You can organize your work, document findings clearly, and manage your own deliverables.
• Strong communication skills: You are comfortable engaging with different stakeholders and translating complex topics into clear language.
• Critical thinking and pragmatism: You can assess risks, challenge assumptions, and balance security requirements with business needs.
• Availability: You are available for a 5-6 month graduation internship and are able to work in a hybrid setup from our Utrecht office.

What you will learn

This internship offers the opportunity to gain hands-on experience with a real ISO 27001 implementation trajectory in a professional consultancy environment.

During the internship, you will learn how to:

• Set up and structure an Information Security Management System.
• Understand the practical application of ISO 27001.
• Conduct a security gap analysis.
• Perform or support information security risk assessments.
• Translate security risks into concrete improvement actions.
• Work with governance, policies, procedures, controls, and evidence.
• Prepare an organization for certification readiness.
• Engage with stakeholders across business, technology, and management.
• Balance compliance, risk reduction, and practical implementation.
• Work in an international organization with support from both local and global stakeholders.
• Develop a graduation thesis with direct practical value.

You will gain valuable experience in information security governance, risk management, and compliance. These are highly relevant skills for future roles such as information security officer, security consultant, IT risk consultant, privacy/security analyst, business IT consultant, or GRC specialist.

What we offer

• A competitive internship salary, an NS Business Card to travel to the office, great office lunches, a strong company culture, and other employee benefits.
• A clearly scoped graduation assignment with practical business relevance.
• Close collaboration with an Artefact project manager.
• Dedicated mentorship and guidance throughout the internship.
• Access to relevant policies, systems, documentation, and stakeholders.
• A sounding board from Artefact headquarters in France.
• Exposure to a professional data, AI, and technology consultancy environment.
• Dedicated time to work on your graduation thesis (approximately two days per week).
• A hybrid working environment from our Utrecht office.
• The opportunity to make a visible contribution to Artefact Netherlands' information security maturity.

Interested?

Are you looking for a graduation internship in information security, ISO 27001, risk management, and IT governance? We would like to hear from you.

Please send your CV and a short motivation explaining why this assignment interests you.

Possible research question

A possible graduation research question could be:

How can Artefact Netherlands implement an effective and pragmatic Information Security Management System in order to reduce information security risks and become ready for ISO 27001 certification?

This research question can be further refined together with the student and the educational institution to ensure it meets graduation requirements.