Senior Manager, Information Security Risk

This is a fully remote position, open to applicants in United States.

📋 Description

• Evaluating the existing information risk program, focusing on enhancing processes that identify, assess, monitor, and address risks alongside business stakeholders.

• Collaborating with fellow information security risk professionals across Instructure to pinpoint enterprise-level risks for the CISO and work towards comprehensive solutions.

• Supporting annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1, and SOC 2 Type I and Type II reports where risk controls are impacted.

• Creating and implementing information security measures for internal control testing throughout the organization.

• Partnering with product Engineering teams to secure solutions and ensure compliance with regulatory requirements within Instructure's procedures.

• Collaborating with engineering teams to design and deploy technical solutions aimed at reducing security risks.

• Working with internal teams to develop metrics and dashboards that accurately reflect the success of security initiatives.

• Facilitating communication between external auditors and internal controls owners, ensuring efficient evidence collection and seamless interactions.

• Recording findings and evaluating risks where discrepancies are identified from both internal and external testing.

• Assessing third-party vendors to verify adherence to established standards and acceptable risk levels.

• Presenting audit results and findings to peers and leadership as needed.

• Composing and revising policies and reports to uphold an industry-leading risk management program.

• Articulating the importance of GRC and information risk management within Instructure.

• Serving as a leader in information security risk for Instructure, ensuring a top-tier security posture.

• Analyzing new tools for security risks during the procurement phase.

⛳️ Requirements

• Over 7 years of experience in information security, GRC, and/or risk management.

• A high school diploma or equivalent experience is required; a bachelor’s degree in information security or an IT-related field is preferred.

• Exceptional written and verbal communication abilities.

• Security+, CRISC, CISA certifications are preferred.

• A willingness to learn new concepts, mentor junior team members, and collaborate with information security leaders on complex projects.

🏝️ Benefits

• Competitive salary, along with participation in our ownership program for all full-time employees—because everyone should have a stake in our success.

• A flexible work culture, with remote, hybrid, and in-office collaboration spaces varying by role, team, and location.

• Generous time off, which includes local holidays and our annual “Dim the Lights” period in late December, encouraging teams to take a step back and recharge as per departmental needs.

• Comprehensive wellness programs and mental health support.

• Learning and development resources, including professional development tools and tuition reimbursement, to facilitate your growth.

• Access to the technology and tools necessary for optimal performance.

• Participation in the Motivosity employee recognition program.

• A culture grounded in inclusivity, support, and meaningful connections.