Director, Identity and Access Management

Location: San Francisco, California

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, the #1 platform in e-signature and contract lifecycle management (CLM). As Director, Identity and Access Management in the Security organization, you will report directly to Docusign’s Chief Information Security Officer and lead a small, high-impact IAM team in a hub-and-spoke model. This strategic, product-focused people manager role sets company IAM policy and standards, partnering with cross-functional leaders in IT, Engineering, Product, and beyond to embed secure practices across our innovative SaaS ecosystem. Drive enterprise-wide IAM strategies that protect our global operations, enable digital transformation, and safeguard intelligent agreement data while fostering Docusign’s culture of trust, innovation, and equality. In this role, you will develop and execute comprehensive IAM strategies aligned with business goals, product security for e-signature and CLM solutions, and emerging technologies like AI/ML. Build a product-driven team focused on automation, measurable outcomes, and continuous improvement. Collaborate to implement best-in-class user access controls, governance guardrails, and risk mitigation, while advising on IAM integrations into DocuSign products and internal workflows. Translate complex risks into actionable business insights for executives, ensure compliance with frameworks like NIST CSF, ISO 27001, SOC 2, and FedRAMP, and report on KPIs that demonstrate program success. Docusign is committed to building trust and making the world more agreeable. You’ll thrive in our innovative culture where every team member has equal opportunity to succeed, exchange ideas, and contribute to transformative work. This hybrid role (minimum 2 days/week in-office) offers competitive pay (CA: $202,800-$327,625 base + bonus/RSUs), comprehensive benefits including 100% employer-paid health plans, Paid Parental Leave, retirement contributions, and professional development. Join us to secure the future of agreements at the forefront of digital innovation.

Key Responsibilities

• Develop and execute DocuSign’s enterprise-wide IAM strategy and standards, aligning with business objectives, digital transformation, and security for intelligent agreement management and e-signature platforms
• Build and lead a high-performing IAM team in a hub-and-spoke model, setting company policies and driving best practices across IT, Engineering, and Product
• Lead and mentor IAM team members, fostering a culture of innovation, measurable outcomes, and continuous improvement
• Define, deliver, and evolve IAM best practices, including user account management, tailored access policies, and solution evaluations
• Collaborate with cross-functional teams to implement secure IAM controls and validate program efficacy enterprise-wide
• Operationalize IAM governance and guardrails to ensure compliant, safe use supporting DocuSign’s global e-signature and CLM operations
• Drive automation to minimize human error, scale efficiencies, and optimize workflows in high-volume agreement processing environments
• Advise on embedding IAM best practices into DocuSign products and leveraging product features for internal business practices
• Translate technical IAM risks and opportunities into business impact, delivering executive updates, trade-offs, and recommendations
• Ensure IAM practices align with internal standards, industry frameworks, and regulations like SOC 2 and FedRAMP
• Define success metrics, KPIs, and report outcomes to CISO and leadership
• Partner with customer-facing security teams to support assurance activities for DocuSign’s 1.5M+ customers

Required Qualifications

• 8+ years in identity and access management or related security disciplines, with 6+ years in leadership roles
• Bachelor’s degree in computer science, data science, cybersecurity, risk management, artificial intelligence, machine learning, or a related technical field
• Proven experience designing and leading enterprise-wide identity and access management programs
• Hands-on experience with product security, including secure development lifecycle, CI/CD best practices, and IAM risks/mitigation in e-signature and agreement management platforms
• Deep expertise in enterprise security, risk mitigation, and governance of IAM issues across business processes, AI/ML, CRM, ERP, HRM, and emerging technologies
• Experience combating IAM exploitation threats through collaboration with threat intelligence, CSIRT, PSIRT, Product, and Engineering teams
• Strong background in data governance and security frameworks, including attack surface management and data loss prevention tied to IAM
• Demonstrated ability to define security KPIs, metrics pipelines, and executive reporting frameworks with cross-functional stakeholder management

Preferred Qualifications

• Certifications such as CISM, CRISC, CISSP, CCSP, CAIP, or equivalent
• Familiarity with attack surface monitoring, supply chain security, and continuous control validation
• Experience driving automation strategies, predictive analytics, and data-driven insights in IAM
• Knowledge of frameworks including NIST CSF, NIST AI RMF, ISO 27001, ISO 42001, FAIR, SOC 2, and FedRAMP
• Excellent stakeholder management and communication skills across technical and business audiences
• Proven track record embedding IAM best practices into SaaS products like intelligent agreement management and e-signature solutions

Required Skills

• Identity and Access Management (IAM) strategy and program leadership
• Secure development lifecycle (SDLC) and CI/CD integration
• Risk assessment and mitigation for IAM threats
• Enterprise security governance across AI/ML, CRM, ERP, HRM
• Threat intelligence and incident response collaboration (CSIRT, PSIRT)
• Data governance, attack surface management, DLP
• Security metrics, KPIs, and executive reporting
• Cross-functional stakeholder management (Product, Engineering, IT, Privacy)
• Automation and workflow optimization
• Framework knowledge (NIST, ISO, FAIR, SOC 2, FedRAMP)
• Excellent communication across technical/business audiences
• Leadership and team mentoring
• Predictive analytics and data-driven decision making
• Supply chain security and continuous control validation
• Product security for SaaS/e-signature platforms

Benefits

• Competitive base salary: California range $202,800 - $327,625, plus bonus and RSUs
• Paid Time Off including earned time off and company holidays
• Paid Parental Leave up to six months for birth, adoption, or foster care
• Comprehensive Health Benefits Plans with 100% employer-paid options from day one
• Retirement Plans with potential employer contributions
• Learning and Development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events
• Hybrid work model with minimum 2 days in-office per week
• Global benefits tailored to region, fostering work-life balance and innovation

DocuSign is an Equal Opportunity Employer.