Instructure is looking for a Sr. Risk Manager to help mature the GRC function by strengthening information security maturity through the creation and upkeep of a risk management program, including risk register(s) and the third-party risk program. A quality applicant is someone familiar with risk assessments, risk frameworks, is outgoing, understands learning frameworks, works independently, is trusted and can learn new things. A passion for Risk and Compliance is a must! What you will do: - Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners. - Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions. - Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected. - Developing and executing information security for internal control testing across the enterprise. - Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements. - Partner with engineering teams to design and implement technical solutions to mitigate security risks - Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs. - Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering. - Documenting findings and assessing risk where deviations exist resulting from internal and external testing. - Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels. - Presenting results and findings of audits to peers and leadership when necessary. - Writing and editing policies and reports to maintain an industry-leading risk program. - Communicating the value of GRC and information risk management at Instructure. - Acting as an information security risk leader for Instructure, ensuring a world-class security posture. - Reviewing new tools for security risks during the procurement process. What you will need to know/have - 7+ years of experience in information security, GRC, and/or risk management. - High school diploma or equivalent experience required. Bachelor's degree in information security or IT-related program preferred. - Excellent written and verbal communication skills. - Security+, CRISC, CISA preferred. - Willingness to learn new concepts, train junior members, and work with information security leaders on the most complex projects. Get in on all the awesome at Instructure! We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here's a general idea of what you can expect: - Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success. - Flexible work culture. Our remote, hybrid and in-office collaboration spaces vary by role, team and location. - Generous time off, including local holidays and our annual "Dim the Lights" period in late December, when teams are encouraged to step back and recharge based on departmental needs. - Comprehensive wellness programs and mental health support - Learning and development resources, including professional development tools and tuition reimbursement, to support your growth - The technology and tools you need to do your best work - Motivosity employee recognition program - A culture rooted in inclusivity, support, and meaningful connection