Sr. Manager Information Security Risk Manager

At Instructure, we believe in the power of people to grow and succeed throughout their lives. Our goal is to amplify that power by creating intuitive products that simplify learning and personal development, facilitate meaningful relationships, and inspire people to go further in their education and careers.
We do this by giving smart, creative, passionate people opportunities to create awesome. And that's where you come in:

Instructure is looking for a Sr. Risk Manager to help mature the GRC function by strengthening information security maturity through the creation and upkeep of a risk management program, including risk register(s) and the third-party risk program. A quality applicant is someone familiar with risk assessments, risk frameworks, is outgoing, understands learning frameworks, works independently, is trusted and can learn new things. A passion for Risk and Compliance is a must!

What you will do:

• Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners.

• Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions.

• Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected.

• Developing and executing information security for internal control testing across the enterprise.

• Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements.

• Partner with engineering teams to design and implement technical solutions to mitigate security risks

• Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs.

• Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering.

• Documenting findings and assessing risk where deviations exist resulting from internal and external testing.

• Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels.

• Presenting results and findings of audits to peers and leadership when necessary.

• Writing and editing policies and reports to maintain an industry-leading risk program.

• Communicating the value of GRC and information risk management at Instructure.

• Acting as an information security risk leader for Instructure, ensuring a world-class security posture.

• Reviewing new tools for security risks during the procurement process.

What you will need to know/have

• 7+ years of experience in information security, GRC, and/or risk management.

• High school diploma or equivalent experience required. Bachelor’s degree in information security or IT-related program preferred.

• Excellent written and verbal communication skills.

• Security+, CRISC, CISA preferred.

• Willingness to learn new concepts, train junior members, and work with information security leaders on the most complex projects.

Get in on all the awesome at Instructure!

We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here's a general idea of what you can expect:

• Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success.

• Flexible work culture. Our remote, hybrid and in-office collaboration spaces vary by role, team and location.

• Generous time off, including local holidays and our annual “Dim the Lights” period in late December, when teams are encouraged to step back and recharge based on departmental needs.

• Comprehensive wellness programs and mental health support

• Learning and development resources, including professional development tools and tuition reimbursement, to support your growth

• The technology and tools you need to do your best work

• Motivosity employee recognition program

• A culture rooted in inclusivity, support, and meaningful connection

We believe in hiring great people and treating them right. The more diverse we are, the better our ideas and outcomes.

Instructure is an Equal Opportunity Employer. We comply with applicable employment and anti-discrimination laws in every country where we operate.

All employees must pass a background check as part of the hiring process. To help protect our teams and systems, we’ve implemented identity verification measures. Candidates may be asked to verify their legal name, current physical location, and provide a valid contact number and residential address, in accordance with local data privacy laws.

Any attempt to misrepresent personal or professional information will result in disqualification.