Senior Manager, Information Security Risk

Instructure

Risk Manager responsible for securing Instructure's information systems and managing risk programs. Collaborating with teams to mitigate security risks and optimize compliance for a world-class security posture.

Posted 6/19/2026full-timeRemote • 🇺🇸 United StatesSenior💰 $120,000 - $150,000 per yearWebsite

About the role

Key responsibilities & impact

Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners.
Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions.
Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected.
Developing and executing information security for internal control testing across the enterprise.
Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements.
Partner with engineering teams to design and implement technical solutions to mitigate security risks
Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs.
Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering.
Documenting findings and assessing risk where deviations exist resulting from internal and external testing.
Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels.
Presenting results and findings of audits to peers and leadership when necessary.
Writing and editing policies and reports to maintain an industry-leading risk program.
Communicating the value of GRC and information risk management at Instructure.
Acting as an information security risk leader for Instructure, ensuring a world-class security posture.
Reviewing new tools for security risks during the procurement process.

Requirements

What you’ll need

7+ years of experience in information security, GRC, and/or risk management.
High school diploma or equivalent experience required. Bachelor’s degree in information security or IT-related program preferred.
Excellent written and verbal communication skills.
Security+, CRISC, CISA preferred.
Willingness to learn new concepts, train junior members, and work with information security leaders on the most complex projects.

Benefits

Comp & perks

Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success.
Flexible work culture. Our remote, hybrid and in-office collaboration spaces vary by role, team and location.
Generous time off, including local holidays and our annual “Dim the Lights” period in late December, when teams are encouraged to step back and recharge based on departmental needs.
Comprehensive wellness programs and mental health support
Learning and development resources, including professional development tools and tuition reimbursement, to support your growth
The technology and tools you need to do your best work
Motivosity employee recognition program
A culture rooted in inclusivity, support, and meaningful connection

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securityrisk managementGRCinternal control testingauditcompliancesecurity risk assessmentmetrics establishmentpolicy writingvendor evaluation

Soft Skills

collaborationcommunicationleadershipproblem-solvingtrainingpresentationdocumentationanalytical thinkinginterpersonal skillsadaptability

Certifications

Security+CRISCCISA