Track Focus
SOC 2 Type II readiness
Trust Services Criteria mapping, policy gap remediation, evidence collection, risk register updates, and audit-ready documentation.
This track is sponsored by a security leader guiding Interlaced toward SOC 2 Type II certification.
Industry Sponsor
Troy Mason
Head of Security, Interlaced
Troy leads the security practice at Interlaced and will mentor interns as they help close control gaps, document evidence, and strengthen the compliance infrastructure needed for a Type II audit.
Contribute directly to audit readiness work that mirrors real-world GRC and security engineering roles.
Interlaced is an IT consulting and managed services firm with a formal security practice and a target of achieving SOC 2 Type II certification. This internship places a student inside that effort, working alongside the Head of Security to prepare evidence, improve documentation, and help close gaps before audit.
This is not a simulated compliance exercise. The intern’s work will feed a live readiness effort, including audit-ready evidence packages, remediation tracking, control mapping, and internal risk documentation used by the security practice.
Hands-on compliance work across control mapping, policy documentation, audit evidence, and risk tracking.
Control Mapping
Map current security controls to SOC 2 Trust Services Criteria.
Work across Security, Availability, Confidentiality, Privacy, and Processing Integrity to connect existing practices with audit expectations and identify where evidence or control language needs improvement.
Policy Remediation
Review and improve policy documentation against audit requirements.
Support updates for access control, change management, incident response, vendor management, and backup/recovery policies so documentation matches the operating reality of the business.
Evidence Collection
Build organized, audit-ready evidence packages for individual controls.
Collect screenshots, logs, export artifacts, and other proof points, then organize them in a way that helps auditors and internal stakeholders understand control operation over time.
Risk and Remediation Tracking
Contribute to the internal risk register and gap closure process.
Help document risks, treatment decisions, open gaps, owners, and closure timelines in the remediation tracker. Stretch work may include client-facing gap assessment or policy deliverables.
Concrete GRC artifacts that can be used in a real audit readiness program.
Gain practical experience in SOC 2, GRC tooling, compliance documentation, and MSP/MSSP security operations.
SOC 2 Type II
Trust Services Criteria, audit evidence standards, and the difference between having a control and proving it operates.
GRC Tooling
Exposure to Vanta, CIS Controls v8.1, and structured methods for organizing compliance evidence.
Policy Writing
Compliance-focused documentation for access control, change management, incident response, vendors, and recovery.
Risk Assessment
Gap analysis, risk treatment documentation, remediation tracking, and internal risk register maintenance.
MSP/MSSP Security
How operational security works in a managed services environment using tools such as Microsoft 365 and Azure.
View the full internship overview for program details, dates, and application information.