What you'll doDocusign is looking for a Senior Security Risk Manager to join our Security Governance, Risk & Compliance (GRC) team. In this hands-on role, you will lead and manage modern, data-driven security risk assessments and play a pivotal role in advancing the maturity of our Security Risk Management program.
This position is an individual contributor role reporting to the Sr. Director, Security Governance, Risk and Compliance.
Responsibility- Lead end-to-end security risk assessments of applications, systems, and cloud and software environments, across all security domains leveraging advanced risk scoring models such as risk quantification
- Identify, assess, monitor, and report on security risks across the enterprise and within specific domains (e.g. Vulnerability Management, Third Party Risk, Product Security, Detection and Response, etc.)
- Review holistically Risk, Control, and Issue data to culminate recommendations on top security investments across the enterprise
- Analyze risk data to identify trends, root causes, and control gaps, and recommend changes to strengthen controls
- Partner with Engineering, Security, and business teams to embed risk insights into planning, prioritization, and decision-making
- Develop and maintain risk dashboards and metrics that provide leadership with actionable insights into risk exposure and trends within their portfolio
- Maintain and evolve the security control framework, ensuring risks are effectively mapped to controls, and are relevant to the business
- Provide recommendations on risk acceptance and mitigation that balances business objectives with security requirements
- Leverage modern GRC platforms and automation (e.g., ServiceNow IRM, OneTrust) to scale risk management processes
- Serve as a trusted advisor to leadership on security risk posture and decisions
- Stay ahead of emerging risks and industry trends to continuously improve risk practices
Job DesignationHybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)
Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.
What you bringBasic- 8+ years of experience in security risk management, GRC, or related fields
- Bachelor's degree in Computer Science, Information Security, or related field
- Experience with cyber threats and vulnerabilities, with hands-on expertise in one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security)
- Experience with cloud environments (AWS, Azure, GCP) and SaaS platforms
- Experience with risk management frameworks, risk quantification models (e.g., FAIR) or building custom risk scoring approaches
- Experience with security risk assessments, controls, and threat analysis
- Experience with GRC platforms and automation tools, preferably ServiceNow IRM
- One or more certifications: CISSP, CRISC, CISM
Preferred- Experience as a security risk SME or security architect
- Familiarity with cloud and SaaS environments (AWS, Azure, GCP)
- Experience managing or mentoring junior GRC professionals
- Experience building risk dashboards and metrics (e.g., Tableau, Power BI)
- Excellent communication and stakeholder management skills
Wage TransparencyPay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.
Based on applicable legislation, the below details pay ranges in the following locations:
California: $146,400.00 - $235,375.00 base salary
This role is also eligible for the following:
- Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
- Stock: This role is eligible to receive Restricted Stock Units (RSUs).
Global benefits provide options for the following:
- Paid Time Off: earned time off, as well as paid company holidays based on region
- Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
- Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
- Retirement Plans: select retirement and pension programs with potential for employer contributions
- Learning and Development: options for coaching, online courses and education reimbursements
- Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events
#LI-Hybrid #LI-HP1