Vimeo empowers video creators to tell exceptional stories and connect with their audiences and communities. Home to more than 60 million members in over 150 countries, Vimeo is the world’s largest ad-free open video platform and provides powerful tools to host, share and sell videos in the highest quality possible.

As a Security - Governance, Risk, Compliance and Privacy Intern, you’ll work closely with business and technical stakeholders to ensure Vimeo remains safe and secure. You’ll help plan and carry out compliance measures to monitor and educate Vimeans and Vimeo customers about how to protect sensitive data and systems from infiltration and cyber-attacks. Provide hands-on support for a broad spectrum of compliance related initiatives to include audits, risk assessments, and regulatory tracking.

What you’ll do:

• Contribute to the security team at Vimeo, specifically through security education and compliance reporting. 
• Help to prioritize, triage and remediate risks identified and conduct research studies to understand areas of heightened compliance concern. 
• Assist in performing risk assessments of Vimeo’ key business areas and initiatives   
• Aid in improving security awareness for all Vimeans 
• Identify and remediate weaknesses in our policies and procedures
• Assist the GRCP team in complying with information security frameworks and meet regulatory requirements. 
• During your internship you will grow both technically and professionally in an awesome environment with tons of development opportunities to learn and do more

What we’re seeking:

• You are familiar with one or more of the following languages: Bash, Ruby, Python, PHP, Node.js
• You have some exposure to DevOps style tools like Ansible, Chef, Github, Jenkins, Puppet, etc
• You have some understanding of principle of least privilege and the confidentiality, integrity, and availability triad and will work to enforce those concepts in our environment
• Experience with web application penetration testing
• You are currently pursuing a BS in Computer Security, Cyber Security,  Political Science, Pre-Law, or related discipline, with an expected graduation date of 2022

Bonus points:

• Ability to translate abstract and vague regulatory requirements into cohesive actionable compliance tasks.
• Ability to collaborate in a team setting and moderate conversations involving cross-functional groups.
• Experience with application security, SaaS environments, or cloud security is a plus.