Senior Security Risk Manager
About the role
Docusign is seeking a Senior Security Risk Manager to lead and manage modern, data-driven security risk assessments. This role plays a pivotal role in advancing the maturity of our Security Risk Management program.
Responsibilities
- Lead end-to-end security risk assessments of applications, systems, and cloud and software environments, across all security domains leveraging advanced risk scoring models such as risk quantification.
- Identify, assess, monitor, and report on security risks across the enterprise and within specific domains (e.g., Vulnerability Management, Third Party Risk, Product Security, Detection and Response, etc.).
- Review holistic Risk, Control, and Issue data to culminate recommendations on top security investments across the enterprise.
- Analyze risk data to identify trends, root causes, and control gaps, and recommend changes to strengthen controls.
- Partner with Engineering, Security, and business teams to embed risk insights into planning, prioritization, and decision-making.
- Develop and maintain risk dashboards and metrics that provide leadership with actionable insights into risk exposure and trends within their portfolio.
- Maintain and evolve the security control framework, ensuring risks are effectively mapped to controls, and are relevant to the business.
- Leverage modern GRC platforms and automation (e.g., ServiceNow IRM, OneTrust) to scale risk management processes.
- Serve as a trusted advisor to leadership on security risk posture and decisions.
- Stay ahead of emerging risks and industry trends to continuously improve risk practices.
Requirements
- Basic 8+ years of experience in security risk management, GRC, or related fields.
- Bachelor's degree in Computer Science, Information Security, or related field.
- Experience with cyber threats and vulnerabilities, with hands-on expertise in one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security).
- Experience with cloud environments (AWS, Azure, GCP) and SaaS platforms.
- Experience with risk management frameworks, risk quantification models (e.g., FAIR) or building custom risk scoring approaches.
- Experience with security risk assessments, controls, and threat analysis.
- Experience with GRC platforms and automation tools, preferably ServiceNow IRM.
- One or more certifications: CISSP, CRISC, CISM.
Preferred Experience
- Experience as a security risk SME or security architect.
- Familiarity with cloud and SaaS environments (AWS, Azure, GCP).
- Experience managing or mentoring junior GRC professionals.
- Experience building risk dashboards and metrics (e.g., Tableau, Power BI).
- Excellent communication and stakeholder management skills.
Qualifications
- Basic 8+ years of experience in security risk management, GRC, or related fields.
- Bachelor's degree in Computer Science, Information Security, or related field.
- Experience with cyber threats and vulnerabilities, with hands-on expertise in one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security).
- Experience with cloud environments (AWS, Azure, GCP) and SaaS platforms.
- Experience with risk management frameworks, risk quantification models (e.g., FAIR) or building custom risk scoring approaches.
- Experience with security risk assessments, controls, and threat analysis.
- Experience with GRC platforms and automation tools, preferably ServiceNow IRM.
- One or more certifications: CISSP, CRISC, CISM.
- Experience as a security risk SME or security architect.
- Familiarity with cloud and SaaS environments (AWS, Azure, GCP).
- Experience managing or mentoring junior GRC professionals.
- Experience building risk dashboards and metrics (e.g., Tableau, Power BI).
- Excellent communication and stakeholder management skills.
Skills
- Advanced risk scoring models.
- Data-driven security risk assessments.
- Cloud environments (AWS, Azure, GCP).
- Risk quantification models (FAIR).
- GRC platforms and automation tools (ServiceNow IRM).
- Security risk assessments, controls, and threat analysis.
- Building custom risk scoring approaches.
- Security risk management frameworks.
- Stakeholder management skills.
Benefits
- Paid Time Off.
- Paid Parental Leave.
- Full Health Benefits Plans.
- Retirement Plans.
- Learning and Development.
- Compassionate Care Leave.
Pay
Based on a number of factors including geographic location, the pay range for this position is $146,400.00 - $235,375.00 base salary. This Role Is Also Eligible For The Following Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
Schedule
Job Designation: Hybrid. Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)
Benefits
- Paid Time Off.
- Paid Parental Leave.
- Full Health Benefits Plans.
- Retirement Plans.
- Learning and Development.
- Compassionate Care Leave.