Intern, Cyber Risk & Control Engineer (Cybersecurity)

Get to Know the Team

The Cyber Risk & Control team is part of Grab's Cyber Security - Cyber Assurance function. We keep Grab's operations secure and compliant across Southeast Asian markets where regulatory requirements vary by country and continue to develop. Our work covers cyber policy, risk, and compliance - we balance regulatory obligations with operational realities so Grab can move fast without compromising on security or stability. The scope ranges from quick risk reviews to multi-quarter, organisation-wide compliance programmes.

We are a fast-paced team and expect people to be self-starters - to take ownership of their work, hold themselves accountable, and drive things forward without needing to be prompted. We make decisions collaboratively and work toward consensus, but we ask tough questions when something needs to be challenged. We are building automation and AI tooling to modernise how risk management works at Grab's scale.

Get to Know the Role

This internship is in the Cyber Risk & Control team, reporting to the Senior Manager, Risk and Control. You will also work regularly with the Security Automation team and get direct visibility into how both teams operate and where they intersect. The work is hands-on from day one - you will build AI agents and automation workflows to cut manual effort out of risk and compliance processes, contribute to internal tooling, and build dashboards that surface risk insights.

You will be onsite at our Petaling Jaya office five days a week.

The Critical Tasks You Will Perform

• You will design and build AI agents to automate GRC workflows - control assessments, evidence collection, risk narrative generation - using approved AI platforms.
• You will write Python scripts and API integrations to connect GRC platforms, ticketing systems, and internal data sources, cutting out the manual handoffs that slow the team down.
• You will build dashboards that pull from security and compliance data sources, so partners at any level can read the risk picture without needing a walkthrough.
• You will contribute to internal GRC tooling - risk registers, control libraries, compliance tracking workflows - and keep them usable as the team's needs change.
• You will document what you build and walk the team through it. Nothing you deliver should become a black box once you leave.