CTRL Disrupt

What We Do

About

Insights

Start a Conversation

← All roles

Internship

Graduate Intern - Security & Risk Management

September / February

Delft, Netherlands (hybrid)

This is a research internship, not a client-delivery role. You won't be staffed on engagements, instead you'll take on the questions behind the work: how new regulations like NIS2 and the EU AI Act actually land for organisations, how frameworks compare in practice, where the field is heading, and what that means for how we advise. Your output is thinking we can use.

You'll be paired with experienced colleagues who set the direction, give you context, and offer honest feedback. We're small enough that good research genuinely shapes how we work, and structured enough that you'll come away understanding how a managed security and risk office runs, governance, risk management, compliance, and the regulatory landscape around them.

Most of your work is independent and desk-based. Occasionally, where a piece of research calls for it, you may speak with a client or contact directly to gather what you need, always with guidance, never as account work.

It's a graduate internship for bachelor's or master's students, based in Delft and worked hybrid. We run two intakes a year, starting in September or February, typically for five to six months, with room to flex around your study requirements.

Requirements

  • Currently studying towards, or recently completed, a bachelor's or master's degree — ideally in a relevant field (security, IT, risk, law, business, public administration, or similar), though curiosity matters more than the exact subject.

  • Strong research instincts: you enjoy getting to the bottom of a question, can separate signal from noise, and know how to structure what you find.

  • A clear thinker and clear communicator — you can take something complex and explain it simply, in writing and in conversation.

  • Comfortable working independently, organised enough to manage your own threads, and unafraid to ask questions.

  • Available to be based in Delft (hybrid) and to start in September or February.

  • Working proficiency in English; Dutch is a strong plus given our clients and the Dutch regulatory context.

  • As with every CTRL Disrupt colleague, joining involves pre-employment screening (including a VOG / Certificate of Conduct). Standard practice in our field, and nothing to worry about.

Apply for this role.

By applying, you agree to our Privacy Policy for how we handle your application.

CTRL Disrupt

Your Managed Security & Risk Office.
Based in the Netherlands.

COMPANY

What We Do

About

Insights

Careers

Contact

EXPERTISE

ISO 27001

NIS2

BIO2.0

EU AI Act

AI Security & Compliance

CONNECT

+31 (0)15 217 0923

info@ctrl-disrupt.nl

LinkedIn

MainDeck

Marshalllaan 2
2625 GZ Delft
The Netherlands

© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.

Privacy Policy