At Instructure, we believe in the power of people to grow and succeed throughout their lives. Our goal is to amplify that power by creating intuitive products that simplify learning and personal development, facilitate meaningful relationships, and inspire people to go further in their education and careers. We do this by giving smart, creative, passionate people opportunities to create awesome.
And that’s where you come in:
As a leading educational technology company, the privacy of teaching and learning data is paramount. We are seeking a dynamic Global Privacy Manager to lead and scale our global privacy compliance program. This role is focused on privacy program management and requires hands-on leadership in designing, operationalizing, and advancing initiatives that ensure our products, systems, and business practices align with global privacy laws and best practices.
Sitting at the intersection of product, engineering, and security, this role plays a pivotal part in implementing scalable privacy solutions, ensuring data protection, and enabling business growth through trusted practices. The ideal candidate brings strategic thinking, operational discipline, and deep expertise in privacy frameworks—with a passion for building programs in fast-moving, data-driven environments.
What you will do:
- Program Leadership and Strategy
- Lead and evolve the company’s global privacy program with clear accountability, measurable goals, and cross-functional alignment.
- Develop and maintain internal privacy policies, procedures, and governance frameworks.
- Establish a privacy architecture that aligns with global regulations and our organizational values.
- Deliver regular reports to leadership on program effectiveness, risks, and remediation efforts.
- Operational Compliance and Risk Management
- Scale and maintain the organization’s privacy operations to protect personal data across customer, employee, and internal systems.
- Ensure compliance with global privacy regulations (e.g., GDPR, CCPA/CPRA, PIPEDA, FERPA).
- Conduct and manage risk assessments, including DPIAs, PIAs, DSARs, and third-party privacy reviews.
- Manage data inventory and mapping, including records of processing activities (ROPA).
- Define and improve technical and operational controls for data retention, access management, consent, and data minimization.
- Conduct privacy assessments of vendors and manage third-party risk related to data handling.
- Manage and respond to DSARs within regulatory timelines.
- Cross-Functional Implementation and Technical Alignment
- Partner with Product, Engineering, Security, and Legal to embed privacy-by-design principles across the company’s systems and products.
- Collaborate on data classification, localization, and sovereignty strategies with security and infrastructure teams.
- Participate in cross-functional projects involving data governance, customer controls, and tooling for privacy features.
- Auditing, Incident Management, and Reporting
- Serve as the privacy lead for external audits, certifications (e.g., ISO 27701, SOC2 Privacy), and regulatory inquiries.
- Build scalable processes for privacy monitoring, evidence collection, and reporting using GRC platforms and automation.
- Participate in incident and breach response processes, including regulatory notifications when required.
- Training, Enablement, and Culture
- Develop and deliver engaging privacy training and awareness programs across the organization.
- Foster a culture of privacy and data responsibility.
- Serve as the organization’s privacy liaison to customers and regulators as needed.
What you will need to know/have:
- At least 7 years of experience in privacy operations, compliance and program management in educational technology or broader education sectors is highly valued.
- Proven success leading enterprise-wide privacy initiatives, including policy development, training, and operational implementation.
- Experience with privacy assessments, DSAR response workflows, and regulatory alignment.
- Track record managing or supporting compliance frameworks (SOC 2, ISO 27701, PCI DSS, FedRAMP).
- Hands-on experience managing external audits and certification cycles.
- Privacy certifications issued by the IAPP such as CIPP/US, CIPP/E, CIPP/M or CIPT)
- Technical Skills
- Strong understanding of how to operationalize privacy controls at scale, especially in cloud-native environments.
- Familiarity with data flow mapping, access controls, consent management, and retention/deletion strategies.
- Experience with GRC platforms (e.g., OneTrust, AuditBoard) and project management tools (e.g., Jira, Asana, Confluence).
- Professional Skills
- Excellent cross-functional collaboration and stakeholder management skills.
- Clear and effective communicator with strong documentation and reporting practices.
- Comfortable interacting with executive leadership and external stakeholders independently.
- Strategic thinker with the ability to assess privacy risk and deliver practical, scalable solutions.
- Agile, resourceful, and adaptable in a fast-paced environment.
It would be a bonus if you also have:
- Additional experience in IT and security compliance, audit, or technical program management roles is preferred.
- Additional certifications such as CISA, CISM, CIPM, or CRISC are a plus.
- Experience working with cloud platforms (AWS, GCP, or Azure) and cloud-scale infrastructures.
- Familiarity with emerging areas like AI and machine learning and their implications for privacy.
Get in on all the awesome at Instructure!
- We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here’s a general idea of what you can expect:
- Competitive compensation, plus all full-time employees participate in our ownership program – because everyone should have a stake in our success.
- Flexible schedules and a remote-friendly culture, with hybrid or onsite work options available in some regions for specific roles
- Generous time off, including local holidays and our annual company-wide “Dim the Lights” week in late December, when we encourage everyone to step back and recharge
- Comprehensive wellness programs and mental health support
- Annual learning and development stipends to support your growth
- The technology and tools you need to do your best work — typically a Mac, with PC options available in some locations
- Motivosity employee recognition program
- A culture rooted in inclusivity, support, and meaningful connection
We believe in hiring great people and treating them right. The more diverse we are, the better our ideas and outcomes.Instructure is an Equal Opportunity Employer. We comply with applicable employment and anti-discrimination laws in every country where we operate.All employees must pass a background check as part of the hiring process. To help protect our teams and systems, we’ve implemented identity verification measures. Candidates may be asked to verify their legal name, current physical location, and provide a valid contact number and residential address, in accordance with local data privacy laws.Any attempt to misrepresent personal or professional information will result in disqualification.
