We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Director, Security Product Risk Management

DocuSign
parental leave, paid time off, remote work
United States, California, San Francisco
221 Main Street (Show on map)
Oct 07, 2025
Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).


What you'll do

The Director, Security Product Risk Management is a strategic and product-focused leader responsible for building and leading a modern, automation-driven, data-informed security risk program that enables the organization to manage risk effectively and at scale. You will lead the design, delivery, and evolution of the security risk management program, ensuring risks are identified, quantified, prioritized, and communicated in business-relevant terms.

As the security product owner for Risk, this role is also responsible for setting the vision, roadmap, and priorities for risk analytics, risk automation (data collection and analysis for risk assessments), and continuous monitoring. You'll partner with engineering, product, GRC engineering, cyber defense, compliance, procurement, and business stakeholders to embed risk awareness, automation, and data-driven insights into systems, processes, and their decision-making.

This is position is a people manager role reporting to the Senior Director of Security Governance, Risk Management and Compliance (GRC).

Responsibility

  • Lead and mentor a team of risk managers, risk product managers, and risk analysts

  • Build a high-performing, product-driven team focused on measurable outcomes and continuous improvement

  • Define, deliver, and continuously evolve security risk management enterprise-wide

  • Establish frameworks and processes for risk identification, assessment, prioritization, and reporting

  • Drive adoption of quantitative risk methodologies (e.g., FAIR) and data-driven decision-making

  • Lead security risk reviews across products, services, and infrastructure to enable faster, risk-informed choices

  • Define KPIs, KRIs, and executive-level reporting to measure control effectiveness and risk posture

  • Drive user adoption and operational efficiency through automation-first workflows across risk intake and reporting

  • Act as the bridge between technical risks and business priorities, ensuring stakeholders have actionable insights

  • Leverage predictive analytics and automation to prioritize risks based on potential business impact

  • Deliver executive-ready reporting to senior security leadership and cross-functional stakeholders

  • Partner closely with engineering to build real-time dashboards and centralized risk data pipelines, and to deliver risk automation capabilities and technical integrations

  • Expand third party risk scope to include strategic partners, alliances, joint-service providers and developer ecosystem

  • Oversee technical integration reviews for SaaS, APIs, infrastructure connectivity, and data flows

  • Build and maintain a fourth-party dependency framework to manage cascading risks

  • Use attack surface monitoring, supply chain security platforms, and threat intelligence feeds to continuously track ecosystem exposure

  • Partner with engineering, product, cyber defense, compliance, procurement, and legal teams to integrate risk management into business processes

  • Collaborate with customer-facing security teams to support security assurance activities where required.


Job Designation

Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.


What you bring

Basic

  • 12+ years in security risk management, GRC, or related security disciplines, with 8+ years in leadership roles
  • Bachelor's or Master's degree in Information Security, Risk Management, Analytics, or related field
  • Experience designing and leading enterprise security risk programs
  • Experience with cloud-native architectures, SaaS integrations, APIs, and security tooling
  • Hands-on experience with GRC platforms (ServiceNow, LogicGate, OneTrust) and automation-first workflows
  • Experience defining risk KPIs, metrics pipelines, and executive reporting frameworks

Preferred

  • Excellent stakeholder management and communication skills across technical and business audiences
  • Strong cross-functional collaboration and stakeholder management skills, especially with engineering and executive teams
  • Excellent collaboration and communication management skills across technical and non-technical audiences
  • Excellent documentation and reporting skills
  • Certifications: CISM, CRISC, CISSP, CCSP, or equivalent
  • Familiarity with attack surface monitoring, supply chain security, and continuous control validation
  • Experience driving automation strategies, predictive analytics, and data-driven insights
  • Knowledge of frameworks such as NIST CSF, ISO 27005, FAIR, SOC 2, FedRAMP, and DORA.

Wage Transparency

Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.

Based on applicable legislation, the below details pay ranges in the following locations:

California: $202,800.00 - $327,625.00 base salary

Illinois, Colorado, Massachusetts and Minnesota: $193,100.00 - $272,750.00 base salary

Washington, Maryland, New Jersey and New York (including NYC metro area): $193,100.00 - $286,500.00 base salary

This role is also eligible for the following:

  • Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
  • Stock: This role is eligible to receive Restricted Stock Units (RSUs).

Global benefits provide options for the following:

  • Paid Time Off: earned time off, as well as paid company holidays based on region
  • Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
  • Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
  • Retirement Plans: select retirement and pension programs with potential for employer contributions
  • Learning and Development: options for coaching, online courses and education reimbursements
  • Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events

Life at Docusign

Working here

Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what's right, every day. At Docusign, everything is equal.

We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you'll be loved by us, our customers, and the world in which we live.

Accommodation

Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at accommodations@docusign.com.

If you experience any issues, concerns, or technical difficulties during the application process please get in touch with our Talent organization at taops@docusign.com for assistance.

Applicant and Candidate Privacy Notice


States Not Eligible for Employment

This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.


Equal Opportunity Employer

It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.

EEO Know Your Rights poster

#LI-Hybrid

Applied = 0

(web-759df7d4f5-28ndr)