Sr. Manager Information Security Risk Manager

• →

  Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners.

• →

  Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions.

• →

  Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected.

• →

  Developing and executing information security for internal control testing across the enterprise.

• →

  Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements.

• →

  Partner with engineering teams to design and implement technical solutions to mitigate security risks

• →

  Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs.

• →

  Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering.

• →

  Documenting findings and assessing risk where deviations exist resulting from internal and external testing.

• →

  Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels.

• →

  Presenting results and findings of audits to peers and leadership when necessary.

• →

  Writing and editing policies and reports to maintain an industry-leading risk program.

• →

  Communicating the value of GRC and information risk management at Instructure.

• →

  Acting as an information security risk leader for Instructure, ensuring a world-class security posture.

• →

  Reviewing new tools for security risks during the procurement process.

• →

  7+ years of experience in information security, GRC, and/or risk management.

• →

  High school diploma or equivalent experience required. Bachelor’s degree in information security or IT-related program preferred.

• →

  Excellent written and verbal communication skills.

• →

  Security+, CRISC, CISA preferred.

• →

  Willingness to learn new concepts, train junior members, and work with information security leaders on the most complex projects.

We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here's a general idea of what you can expect:

• Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success.

• Flexible work culture. Our remote, hybrid and in-office collaboration spaces vary by role, team and location.

• Generous time off, including local holidays and our annual “Dim the Lights” period in late December, when teams are encouraged to step back and recharge based on departmental needs.

• Comprehensive wellness programs and mental health support

• Learning and development resources, including professional development tools and tuition reimbursement, to support your growth

• The technology and tools you need to do your best work

• Motivosity employee recognition program

• A culture rooted in inclusivity, support, and meaningful connection

We believe in hiring great people and treating them right. The more diverse we are, the better our ideas and outcomes.

Instructure is an Equal Opportunity Employer. We comply with applicable employment and anti-discrimination laws in every country where we operate.

All employees must pass a background check as part of the hiring process. To help protect our teams and systems, we’ve implemented identity verification measures. Candidates may be asked to verify their legal name, current physical location, and provide a valid contact number and residential address, in accordance with local data privacy laws.

Any attempt to misrepresent personal or professional information will result in disqualification.