Trainee - Information Security Governance

Les entreprises et les gouvernements comptent sur Thales pour apporter de la confiance aux milliards d’interactions numériques qu’ils établissent avec les utilisateurs. L’Activité Mondiale Identité & Sécurité Numériques (DIS) fournit des technologies et services (des logiciels sécurisés en passant par la biométrie ou encore le cryptage), qui permettent aux entreprises ainsi qu’aux gouvernements de vérifier des identités, et de protéger les données afin qu’elles restent sûres.

Internship Opportunity
Information Security Governance & Cybersecurity Strategy
Location: Zaventem , Belgium 
Duration: 3–6 months (flexible)

April 2027
Department: Information Security Governance (ISG)

About the Internship
We are offering internship opportunities within our Information Security Governance team. The internship focuses on governance, compliance, cloud security, AI integration, and emerging cybersecurity technologies.
Interns will work on strategic and technical security topics, combining research, solution design, comparison studies, automation development, and governance framework implementation.
The internship is designed for students in Cybersecurity, IT, Computer Science, Engineering, or related fields.

Internship Topics (Non-Exhaustive List)

1. Microsoft Security Copilot
•    Effective use of Security Copilot for incident response
•    Integration with SIEM solutions (e.g., Splunk)
•    Secure configuration and governance of Copilot usage
•    Audit frameworks to assess maturity and security level

2. CISO Assistant & Governance 2.0
•    Designing governance and compliance strategies
•    Configuring AI-assisted governance models
•    Leveraging AI (ChatGPT or others) for next-generation compliance management

3. Development of Automated O365 / Azure / AWS Audit Tools
•    Comparison of existing market solutions (CIS, MS DSC, ISO standards)
•    Using Microsoft Graph, APIs, connectors for automation
•    Continuous monitoring models (“Audit as a Service” / “Hardening as a Service”)

4. Microsoft Priva (GRC / ISG)
•    Defining a deployment strategy
•    Designing a data protection monitoring service
•    AI integration for proactive governance

5. OT Security – Market Comparison
(Armis, Defender for OT, Nozomi, Trend Micro)
•    Market comparison (pros/cons)
•    Security assessment of OT devices
•    Hardening and mitigation strategy implementation

6. (I)IoT Device Security
•    Vulnerability assessments
•    Market comparison (Armis, Pentera, others)
•    Hardening best practices and mitigation techniques

7. Identity & Access Management (IAM)
•    Market analysis of centralized access management solutions
•    Leveraging PAM solutions (Wallix and others)
•    IAG integration and access review optimization

8. Access Management Tool Comparison
•    Saporo vs open-source tools (PingCastle, BloodHound, others)
•    Capabilities assessment (methodology, strengths, weaknesses)
•    Service-oriented access review model

9. Phishing & Social Engineering Campaigns
•    Market solution analysis (phishing, smishing, vishing)
•    Designing “Phishing as a Service” models
•    Risk awareness and measurement frameworks

10. DLP Technologies
(Varonis, Netskope, Microsoft Purview, others)
•    Comparative analysis
•    Governance and technical implementation approach

11. Secure Deployment of Local AI (ChatGPT-type models)
•    Secure configuration and sandboxing
•    Network exposure analysis
•    Data exfiltration risks
•    Risk mitigation strategies

12. Compliance Automation
•    Automating compliance checks (GDPR, HIPAA, PCI-DSS)
•    Cloud security compliance scripting
•    AI-assisted compliance validation

13. Sector-Specific Security Architecture
•    Complete security analysis for specific environments (hospitals, water supply, transport, etc.)
•    Technical constraints analysis (e.g., shared workstations, operational environments, budget limitations)
•    Interconnection between tools and governance layers

Profile Required
•    Master’s student or final-year Bachelor in Cybersecurity, IT, Engineering, or related field
•    Strong interest in Governance, Risk & Compliance (GRC)
•    Analytical mindset with structured thinking
•    Ability to compare tools and define strategic recommendations
•    Autonomous, proactive, and research-driven
•    Programming/scripting skills are a plus (PowerShell, Python, APIs, etc.)

Language Skills
•    Fluent French and/or Dutch (mandatory)
•    Professional English required

What We Offer
•    Exposure to real governance and enterprise security environments
•    Strategic and technical hands-on experience
•    Mentorship from senior security professionals
•    Possibility to develop a deployable service or automation framework
•    Opportunity to contribute to innovation projects (AI & Governance)

Important Note
The topics listed above represent a preliminary and non-exhaustive set of ideas.

We strongly encourage students to propose their own internship subjects, particularly those aligned with emerging cybersecurity trends, AI integration, automation, or innovative governance approaches.

Thales, entreprise Handi-Engagée, reconnait tous les talents. La diversité est notre meilleur atout. Postulez et rejoignez nous ! 

Thales, entreprise Handi-Engagée, reconnait tous les talents. La diversité est notre meilleur atout. Postulez et rejoignez nous !