Compliance Analyst

At Instructure, we are dedicated to empowering EdTech providers and educational organisations to unlock their full potential through innovative technology solutions. Our mission is to provide intuitive products and services that simplify learning and personal development, foster meaningful relationships, and inspire progress in education and careers. We believe in giving smart, creative, and passionate individuals the opportunity to make a significant impact in the world of EdTech. 

About the Role

• Perform internal audits, risk assessments, and investigations to identify compliance risks.
• Arrange, manage, and facilitate external assessments –  SOC2, SOC1, CyberEssentials, PCI DSS, and ISO27001 assessments.
• Collaborate with teams to implement compliance programs and guarantee operational adherence to information security and privacy requirements.
• Examine compliance-related issues and suggest corrective actions.
• Assist in responding to audits, regulatory inquiries, and internal investigations.
• Identify gaps in compliance and address the gaps through program management practices.
• Conduct reviews of new vendors and third-parties to validate compliance to INST policies and requirements..
• Gather data to develop metrics that measure and report on the effectiveness of Instructure's control framework
• Aid in the preparation of reports and documentation for senior management.
• Respond to customer, sales, legal, and marketing requests to aid in providing transparent and accurate knowledge to customers.
• Support GRC Team to maintain adherence to regulatory requirements, internal policies, and industry standards.
• Contribute to the overall direction, mission, and purpose of the Instructure GRC Team.

About You

• Education: Bachelor's degree in Business, Finance, Law, or a related field (Certified Compliance & Ethics Professional (CCEP) or similar certification is a plus).
• Experience: 2+ years of experience in compliance, risk management, audit, or a related field.
• Knowledge: Experience with regulatory frameworks such as SOC 2, ISO 27001, PCI DSS, NIST 800-53 or other industry-specific regulations,  Knowledge of privacy (GDPR) requirements is a plus.
• Skills: Strong analytical and problem-solving abilities, attention to detail, excellent communication and interpersonal skills, ability to work independently and as part of a team.
• Technical Skills: Proficiency in Google Suite and Microsoft Office Suite. Familiarity with GRC platforms like Audit Board