You are viewing a preview of this job. Log in or register to view more details about this job.

PCI DDS Research Internship

Smithsonian National Museum of African American History and Culture

NOTE: Applications submitted through Handshake will NOT be considered.

Full-Time Hybrid Internship

$850/week

June 1 – August 28, 2026

Desired Majors and Areas of Study: Cybersecurity, Information Technology, Computer Science, or Risk Management

The Information Technology Department resides within The Office of Operations at the National Museum of African American History and Culture (NMAAHC), and is responsible for the overall planning, direction and management of the Museum’s IT programs and operations. Conducting business analysis to identify Museum business needs and goals and develop innovative solutions to resolve difficult issues, identifying management improvements and cost savings, and effectively leveraging emerging opportunities. This department designs, secures, provisions, and supports information systems used to manage the museum’s core functions including advancement/membership, visitor services, collections management, office automation environment. The IT Department does not manage web services, application development, interactive technologies, or audio-visual systems.

PCI DDS Research Intern will investigate and document technical and operational measures required for PCI DSS compliance, focusing on fraud prevention and data breach mitigation in cultural institution environments. Research PCI DSS requirements across different merchant levels (based on transaction volume). Identify and evaluate best practices for implementing:

Network security (firewalls, segmentation)
Strong authentication (password policies, MFA)
Encryption of cardholder data in transit and at rest
Regular vulnerability scans and penetration testing
Access control and least-privilege principles
Secure software development and patch management

From this, they will develop a compliance checklist and risk mitigation guide tailored for museum operations, because protecting payment data is critical for visitor trust and institutional integrity. This project supports NMAAHC’s commitment to secure, ethical technology practices.

By the end of the internship, the intern will explain be able to explain PCI DSS core requirements and compliance levels; draft a PCI DSS implementation roadmap for a museum environment; analyze and summarize security controls (firewalls, encryption, access restrictions) and their role in fraud prevention; and advocate for secure payment practices and continuous monitoring as part of organizational culture.

Duties Include (but are not limited to):

Create content for an annual Cyber Security and Awareness Program
Coordinate with various teams within NMAAHC to disseminate program content
Support the facilitation of virtual information security learning events and/or workshops
Security awareness communications creation and dissemination