• Reviewing the current information risk program, including improvements to processes that identify, measure, track, and remediate risks with business owners. • Working collaboratively with other information security risk personnel across Instructure to help identify enterprise-level risks for the CISO and work on finding enterprise-level solutions. • Assisting in annual audits for industry-specific reports, such as ISO27001, PCI, SOC 1 and SOC 2 Type I and Type II reports where risk controls are affected. • Developing and executing information security for internal control testing across the enterprise. • Work with product Engineering teams to secure solutions and ensure that Instructure procedures comply with regulatory framework requirements. • Partner with engineering teams to design and implement technical solutions to mitigate security risks • Collaborate with internal teams to establish metrics and dashboards that effectively measure the success of security programs. • Coordinate between external auditors and internal controls owners, ensuring smooth communication and efficient evidence gathering. • Documenting findings and assessing risk where deviations exist resulting from internal and external testing. • Evaluating third-party vendors to ensure compliance with established standards and risk tolerance levels. • Presenting results and findings of audits to peers and leadership when necessary. • Writing and editing policies and reports to maintain an industry-leading risk program. • Communicating the value of GRC and information risk management at Instructure. • Acting as an information security risk leader for Instructure, ensuring a world-class security posture. • Reviewing new tools for security risks during the procurement process.

• Design, implement, and maintain DLP controls across email, endpoint, cloud, web, and collaboration platforms • Engineer and tune custom DLP detections using regex, Exact Data Matching (EDM), Indexed Document Matching (IDM), classifiers, and contextual telemetry • Own the full DLP policy lifecycle, including policy creation, normalization, testing, deployment, tuning, version control, and change management • Analyze and triage DLP and insider risk alerts, conduct root cause analysis, and recommend mitigation strategies to improve control effectiveness • Partner with Security Operations, Incident Response, Risk, Legal, Compliance, and Information Protection teams to investigate potential data exfiltration and insider risk events • Build and enhance automation workflows, dashboards, and reporting to improve visibility into data movement, user behavior, and program performance • Serve as a technical subject matter expert for DLP platforms and data protection capabilities across the enterprise • Translate regulatory requirements, business needs, and risk scenarios into practical, enforceable technical controls • Continuously improve detection quality, operational processes, and reporting to advance program maturity and business alignment • Contribute to the evaluation and responsible use of AI-enabled security capabilities that improve detection, analysis, and operational efficiency within data protection workflows

• Design and conduct offensive security operations / engagements for product and internal tools across Instacart. • Deploy and operationalize a variety of open-source and commercially available security tools that can scale out and be maintained long term. • Collaborate with cross-functional teams, including engineering and product, to integrate security testing into their SDLC cycle. • Share knowledge and mentor other team members, promoting a culture of continuous learning and growth.

• Design and conduct offensive security operations / engagements for product and internal tools across Instacart. • Deploy and operationalize a variety of open-source and commercially available security tools that can scale out and be maintained long term. • Collaborate with cross-functional teams, including engineering and product, to integrate security testing into their SDLC cycle. • Share knowledge and mentor other team members, promoting a culture of continuous learning and growth.