I applied internally to a position in Security called Customer Risk Manager. Katie, the recruiter, was always prompt in responding my questions. She made sure I had clear expectations about the role, and provided timely feedback as I went through each step of the process. The process itself involved a number of meetings with different team members, with the purpose of identifying role and culture fit. In my case, there was not as much focus on the cultural fit because I've been working at the company for a number of years. As such, the main purpose of the process was to measure both my relevant knowledge and potential to perform the new role. The part of the process that takes the most time and dedication is the exercise. In my case, I had to review a mock SOC2 report, do a risk analysis based on that, and present a proposal of how to mitigate the different risks I had identified. The exercise is asynchronous, meaning that I got to work on it on my own time. I had the option to ask as many questions as I needed in a Slack channel, and the team ensured to make themselves available to answer them. As deliverable, I presented the result of the exercise to the team involved in the review. The whole process took roughly two weeks.