Offer summary

Qualifications:

Bachelor's degree in Business, Finance, Law, or a related field., 2+ years of experience in compliance, risk management, audit, or a related field., Knowledge of regulatory frameworks such as SOC 2, ISO 27001, and PCI DSS., Strong analytical skills, attention to detail, and excellent communication abilities..

Key responsabilities:

Perform internal audits, risk assessments, and investigations to identify compliance risks.

Manage and facilitate external assessments like SOC2 and PCI DSS.

Collaborate with teams to implement compliance programs and ensure adherence to security requirements.

Assist in responding to audits and regulatory inquiries, and prepare reports for senior management.

Job description

At Instructure, we are dedicated to empowering EdTech providers and educational organisations to unlock their full potential through innovative technology solutions. Our mission is to provide intuitive products and services that simplify learning and personal development, foster meaningful relationships, and inspire progress in education and careers. We believe in giving smart, creative, and passionate individuals the opportunity to make a significant impact in the world of EdTech.

About the Role

Perform internal audits, risk assessments, and investigations to identify compliance risks.

Arrange, manage, and facilitate external assessments – SOC2, SOC1, CyberEssentials, PCI DSS, and ISO27001 assessments.

Collaborate with teams to implement compliance programs and guarantee operational adherence to information security and privacy requirements.

Examine compliance-related issues and suggest corrective actions.

Assist in responding to audits, regulatory inquiries, and internal investigations.

Identify gaps in compliance and address the gaps through program management practices.

Conduct reviews of new vendors and third-parties to validate compliance to INST policies and requirements..

Gather data to develop metrics that measure and report on the effectiveness of Instructure's control framework

Aid in the preparation of reports and documentation for senior management.

Respond to customer, sales, legal, and marketing requests to aid in providing transparent and accurate knowledge to customers.

Support GRC Team to maintain adherence to regulatory requirements, internal policies, and industry standards.

Contribute to the overall direction, mission, and purpose of the Instructure GRC Team.

About You

Education: Bachelor's degree in Business, Finance, Law, or a related field (Certified Compliance & Ethics Professional (CCEP) or similar certification is a plus).

Experience: 2+ years of experience in compliance, risk management, audit, or a related field.

Knowledge: Experience with regulatory frameworks such as SOC 2, ISO 27001, PCI DSS, NIST 800-53 or other industry-specific regulations, Knowledge of privacy (GDPR) requirements is a plus.

Skills: Strong analytical and problem-solving abilities, attention to detail, excellent communication and interpersonal skills, ability to work independently and as part of a team.

Technical Skills: Proficiency in Google Suite and Microsoft Office Suite. Familiarity with GRC platforms like Audit Board

Required profile