Cybersecurity GRC Intern

Unmatched excellence. Customers count on MEC as an industry-leading, value-added manufacturing partner, guided by One MEC. One Mission. Leveraging our deep engineering expertise and maintaining consistent processes across design services, prototype, production, and aftermarket products, we provide cost-effective and robust solutions across multiple industries worldwide. With decades of experience and steadfast partnerships, MEC is committed to delivering only the highest quality products and solutions to meet every customer's unique needs.

The Cybersecurity GRC Intern will support the organization's Governance, Risk, and Compliance program by assisting with documentation development, compliance activities, security exercises, and ongoing cybersecurity research. This role is ideal for students or earlycareer professionals who want handson experience in realworld security program operations. The intern will collaborate closely with Cybersecurity, IT, Audit, and business teams to help strengthen the organization's security posture, support audit readiness, and contribute to executivelevel reporting and communication.

Part Time, Hybrid Internship (on site in Byron Center, Michigan)

Governance & Documentation

Participate in cybersecurity documentation review including policies, standards, procedures, and process guides.
• Learn how GRC documentation repositories are organized by helping assess materials for clarity, accessibility, and audit readiness.
• Support the development of diagrams, workflows, and templates to improve documentation quality while gaining experience with security documentation best practices.

Risk Management & Compliance

• Observe and assist with ongoing SOX ITGC audit activities, including evidence collection, controls tracking, and remediation followup to gain an understanding of audit processes.
• Assist with maintaining risk and compliance tracking tools, dashboards, and reporting artifacts while developing familiarity with GRC tools.
• Observe and contribute to control review activities by helping document findings, observations, and recommendations alongside experienced team members.

Security Exercises & Incident Preparedness

• Participate in tabletop exercises and cybersecurity drills to simulate incident response scenarios to better understand incident response roles, communication, and decisionmaking processes.

Threat Intelligence & Research

• Conduct threat intelligence research to learn how emerging vulnerabilities, threat actor activity, and cybersecurity trends are monitored.
• Summarize research findings and contribute to weekly intelligence reporting for internal distribution and risk discussions.

Reporting & Communications

• Support monthly GRC and Cybersecurity initiatives by:
• Contributing to newsletter ideas and content (security tips, recent threats, program updates).
• Gaining handson experience visualizing data to help communicate cybersecurity risk and security posture to leadership audiences through drafting charts, metrics and summary narratives alongside experienced team members.

Skills Gained During Internship

• Handson exposure to GRC operations and security program management.
• Experience with SOX controls, evidence processes, and audit methodology.
• Practical understanding of risk assessments, compliance documentation, and cybersecurity frameworks.
• Threat intelligence analysis and professional reporting experience.
• Participation in realworld incident response exercises and security simulations.
• Understanding of highlevel communication and metrics development skills.

Currently pursuing a degree in Cybersecurity, Information Technology, Computer Science, Business, or a related field.

Strong written communication skills with the ability to translate technical topics into businessfriendly language.

Interest in governance, risk, compliance, audit, or cyber program development.

Familiarity with frameworks such as NIST, ISO 27001, CIS Controls, or SOX (preferred but not required).

Ability to manage multiple tasks, stay organized, and work both independently and collaboratively.

Basic understanding of cybersecurity concepts, threats, and terminology.