Internship - Interactive Gamified Session: ISMS Simulation

NVISO is a pure-play cyber security consulting firm: our team is composed of security professionals who each have their specific field of expertise, ranging from Information Security Governance, Risk & Compliance to Incident Response, Penetration Testing, CSIRT/SOC, Software Security, and Training & Awareness. This fantastic blend of skills enables us to help organizations prevent, detect, and respond to complex security challenges.

As a Cybersecurity Governance Intern, you will design and develop an interactive gamified simulation of an ISMS project, helping participants experience what it’s like to build and operate an ISO 27001 information security management system in a realistic environment.

The objective is to create a learning-by-doing experience where players take on roles (CISO, ISMS core team, legal, procurement, etc.), make governance and risk decisions, produce simplified deliverables (risk register, SoA, policies), and see the impact of their decisions through a simulated audit or scoring mechanism.

The audience the exercise is addressed too are both NVISO employees lacking specific expertise in the fields, but customers and their teams as well.

This project will combine content design, game mechanics, and cybersecurity governance knowledge, and will be used internally to train consultants or externally as a client awareness exercise.

Responsibilities

• Design the fictional company scenario, including sector, size, IT landscape, assets, and organization chart

• Develop game mechanics and materials, such as:

• Decision or “game” cards (assets, risks, controls, policies)
• Role cards for different players (CISO, Legal, Procurement, etc.)
• Scoring system simulating audit performance and risk exposure.

• Draft ISMS deliverables (risk register, SoA, policy templates) for use in the simulation.

• Create facilitator documentation:

• Game rules, timing, and facilitator script
• Presentation slides and templates for each round

• Evaluation sheet and debrief material

• Prototype and test the game, including:

• One internal pilot session to validate clarity and timing

• Adjustment of content based on participant feedback

• Optionally: explore digitalization.

• Currently pursuing a degree or master degree in Cybersecurity, Governance, Computer Science, Data Analytics, or a related field;
• Basic understanding of ISO 27001 and information security governance;
• Strong analytical and synthesis skills, with attention to detail and consistency;
• Interest in education, gamification, and innovation in training methods;
• Creativity and problem-solving mindset;
• Excellent written communication skills in English;
• Curious, methodical, and comfortable working with documentation and regulatory content.

Output of Internship
By the end of the internship, the student will have produced:

• A fully operational gamified ISMS simulation ready for use in internal training or client workshops.
• A complete set of facilitator and player materials, including roles, scenarios, cards, slides, and evaluation templates.
• A pilot report summarizing lessons learned and improvement ideas.
• Valuable practical knowledge of ISO 27001 governance, ISMS implementation logic, and cybersecurity awareness design.

Learning Opportunities

• Hands-on exposure to the structure of an ISMS project and ISO 27001 certification logic.
• Experience in training design and gamification methodologies.
• Collaboration with NVISO consultants to ensure alignment with real governance practices.
• Insight into how to translate technical and governance concepts into engaging, interactive learning tools.

Disclaimer on the Use of AI Tools in the Application Process

Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI-powered tools is only permitted to a limited extent.

Our expectations:

Application documents must authentically reflect your own qualifications, personality, and motivation.

The use of AI for supportive purposes (e.g. spell-checking, improving wording) is acceptable.

Fully generated application documents created by AI without personal adaptation or review are not permitted.

Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.