Company Overview
Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).
What you'll do
The Director, Security Product Risk Management is a strategic and product-focused leader responsible for building and leading a modern, automation-driven, data-informed security risk program that enables the organization to manage risk effectively and at scale. You will lead the design, delivery, and evolution of the security risk management program, ensuring risks are identified, quantified, prioritized, and communicated in business-relevant terms.
As the security product owner for Risk, this role is also responsible for setting the vision, roadmap, and priorities for risk analytics, risk automation (data collection and analysis for risk assessments), and continuous monitoring. You'll partner with engineering, product, GRC engineering, cyber defense, compliance, procurement, and business stakeholders to embed risk awareness, automation, and data-driven insights into systems, processes, and their decision-making.
This position is a people manager role reporting to the Senior Director of Security Governance, Risk Management and Compliance (GRC).
Responsibility
Lead and mentor a team of risk managers, risk product managers, and risk analysts
Build a high-performing, product-driven team focused on measurable outcomes and continuous improvement
Define, deliver, and continuously evolve security risk management enterprise-wide
Establish frameworks and processes for risk identification, assessment, prioritization, and reporting
Drive adoption of quantitative risk methodologies (e.g., FAIR) and data-driven decision-making
Lead security risk reviews across products, services, and infrastructure to enable faster, risk-informed choices
Define KPIs, KRIs, and executive-level reporting to measure control effectiveness and risk posture
Drive user adoption and operational efficiency through automation-first workflows across risk intake and reporting
Act as the bridge between technical risks and business priorities, ensuring stakeholders have actionable insights
Leverage predictive analytics and automation to prioritize risks based on potential business impact
Deliver executive-ready reporting to senior security leadership and cross-functional stakeholders
Partner closely with engineering to build real-time dashboards and centralized risk data pipelines, and to deliver risk automation capabilities and technical integrations
Expand third-party risk scope to include strategic partners, alliances, joint-service providers, and the developer ecosystem
Oversee technical integration reviews for SaaS, APIs, infrastructure connectivity, and data flows
Build and maintain a fourth-party dependency framework to manage cascading risks
Use attack surface monitoring, supply chain security platforms, and threat intelligence feeds to continuously track ecosystem exposure
Partner with engineering, product, cyber defense, compliance, procurement, and legal teams to integrate risk management into business processes
Collaborate with customer-facing security teams to support security assurance activities where required.
Job Designation
Hybrid: Employee divides their time between in-office and remote work. Access