Docusign
Overview
Docusign is seeking a Security Risk Manager to join our Security Governance, Risk & Compliance (GRC) team. In this hands-on role, you will lead modern, data-driven security risk assessments and advance the maturity of our Security Risk Management program. The ideal candidate combines technical expertise with business acumen, translating risk findings into actionable insights that influence engineering, security and business decisions. This position is an individual contributor reporting to the Director, Security Product Risk Management.
Responsibilities
- Lead end-to-end risk assessments of applications, systems, and cloud environments across all security domains
- Identify, assess, monitor, and report on security risks across the enterprise
- Analyze risk data to uncover recurring issues, trends, and root causes, and recommend changes to strengthen controls
- Partner with Engineering, Security, and business functions to embed risk insights into planning, prioritization, and decision-making
- Develop and maintain risk dashboards and metrics that provide leadership with actionable insights into risk exposure and trends
- Support and enhance the security control framework, ensuring risks are mapped to controls and remain relevant to the business
- Provide recommendations on risk acceptance and mitigation, balancing business objectives with security requirements
- Leverage modern GRC platforms and automation (e.g., ServiceNow IRM, OneTrust) to scale risk management processes
- Stay ahead of emerging risks and industry trends to continuously improve risk practices
What you bring
Basic
- Minimum of 5+ years of experience in security risk management or related areas
- Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field
- Hands-on experience with cyber threats and vulnerabilities across security domains (e.g., vulnerability management, insider risk, incident response, IAM, cloud, data and AI security)
- Experience with risk management frameworks (RMF, ISO 27005, NIST 800-37, NIST 800-30)
- Experience with risk quantification models (e.g., FAIR) or building custom risk scoring approaches
- Experience with control frameworks (SSAE16, ISO2701, NIST CSF/800-53, PCI DSS, HIPAA, FedRAMP, etc.)
- Experience with GRC platforms and automation tools, preferably ServiceNow IRM
- One or more certifications: CISSP, CRISC, CISM, CISA, CCSP, CIPT, CompTIA Security+, or AWS/Azure Security
Preferred
- Strong analytical, problem-solving, and communication skills
- Knowledge of cloud environments (AWS, Azure, GCP) and SaaS platforms
- Ability to work independently with ownership, urgency, and drive
- Strong business acumen with the ability to communicate risk to technical and non-technical stakeholders and recommend compensating controls
- Experience working cross-functionally to evaluate security controls and translate findings into meaningful risk insights
- Familiarity with data visualization tools (e.g., Tableau, Power BI) for risk dashboards
Wage Transparency
Pay for this position is based on geographic location and may vary by knowledge, skills, and experience. Local ranges are provided where applicable:
- California: $114,200.00 - $177,100.00 base
- Illinois, Colorado, Massachusetts and Minnesota: $109,600.00 - $150,625.00 base
- Washington, Maryland, New Jersey and New York (including NYC metro): $109,600.00 - $156,950.00 base
Other Compensation
This role is eligible for a company bonus plan or variable incentive pay based on company performance and, for non-sales roles, achievement of pre-established goals. Some roles may include sales-related incentives where applicable.
Benefits
- Paid Time Off and paid company holidays based on region
- Paid Parental Leave up to six months for birth, adoption, or foster care
- Health benefits plans with options for employer-paid coverage
- Retirement plans with potential employer contributions
- Learning and Development: coaching, online courses, and education reimbursements
- Compassionate Care Leave for life events
Work Arrangement
Hybrid: time between in-office and remote work. Access to an office location is required. Frequency: minimum 2 days per week (may vary by team).
Equal Opportunity and Accommodation
Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We provide reasonable accommodations for qualified individuals with disabilities in our application procedures. If you need an accommodation during the application process, contact accommodations@docusign.com. If you experience issues during the application process, contact taops@docusign.com for assistance. States Not Eligible for Employment: this position is not eligible in Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.