Internship: Cloud Security (ISO 27017)

Would you like to delve into cloud security and make an immediate impact on services used throughout the education and research sectors? During this internship, you’ll work on implementing ISO 27017 at SURF. You’ll combine analysis with hands-on work and help make security policies practical and actionable.

Where you will work

SURF is the ICT cooperative for Dutch educational and research institutions. Together with them, we work on digital services and complex innovation challenges to enhance the quality of education and research. As a Cloud Security intern, you’ll make a direct contribution by translating security standards into concrete applications within our cloud services.

The team you will join

You will work closely with the central CISO team and one of the product teams responsible for cloud services such as Research Cloud or HPC Cloud. Together, they ensure that security is not only sound in theory but also practical and applicable within the organization.

You’ll receive guidance from experienced security specialists and work in an environment where knowledge sharing and collaboration are central. You’ll interact with various stakeholders, from policymakers to technical teams, gaining a clear understanding of how security works in practice within a complex organization.

You’ll primarily work from our office in Amsterdam, with regular visits to Utrecht and the option to work partially remotely.

What you will do

During this internship, you will work on the implementation of ISO 27017 within SURF’s cloud environment. You will combine an analytical assignment with a practical pilot project, translating policy into concrete applications.

Other responsibilities include:

• analyzing the existing ISMS and the application of ISO 27001 within SURF
• conducting a gap analysis between ISO 27001 and ISO 27017
• developing additional controls and proposals for the security baseline
• participating in a pilot within a specific cloud service
• translating policy into practical templates and procedures
• documenting and sharing results via the SURF knowledge base (Confluence)

Depending on your progress, you may expand your assignment to include privacy issues related to ISO 27018.

Your skills and experience

You’re curious about how security policies work in practice and want to actively contribute to them. You enjoy switching between analysis and implementation and aren’t afraid to take the initiative in a complex environment.

In addition, you have:

• a college or university level of work and thinking (e.g., IT, security, or information management)
• an affinity for IT, the cloud, and information security
• basic knowledge of ISO 27001 or risk management (or the motivation to quickly master this)
• strong analytical skills and the ability to maintain an overview
• good communication skills and a proactive attitude

Practical Information

• Period: September 2026 – February 2027 (negotiable)
• Scope: full-time (32–40 hours per week, negotiable)
• Location: Amsterdam and Utrecht (hybrid work possible)
• Internship stipend: €500 gross per month (for full-time)

Prior to starting this internship, a VOG must be presented.

SURF takes pleasure in doing its recruitment itself; acquisition is therefore not appreciated.