Security Risk Manager

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data trapped inside of documents, connecting it to systems of record using the #1 company in e-signature and contract lifecycle management (CLM). We're seeking a Security Risk Manager to join our Security Governance, Risk & Compliance (GRC) team in this hands-on, individual contributor role reporting to the Director of Security Product Risk Management. In a hybrid designation (minimum 2 days per week in-office), you'll lead modern, data-driven security risk assessments, advancing the maturity of our Security Risk Management program while safeguarding our innovative e-signature platform. The ideal candidate combines deep technical expertise in cyber threats across domains like cloud, application, and AI security with strong business acumen to translate risk findings into actionable insights that influence engineering, security, and business decisions. You'll conduct end-to-end risk assessments of applications, systems, and cloud environments (AWS, Azure, GCP), analyze trends using GRC tools like ServiceNow IRM, and develop dashboards in Tableau or Power BI to provide leadership with clear visibility into risk exposure. Partnering cross-functionally, you'll embed risk intelligence into product planning, recommend balanced mitigation strategies, and leverage frameworks like NIST, ISO 27001, and FAIR to protect customer trust in our global SaaS operations. Success demands strong analytical skills, the confidence to influence stakeholders with clarity and empathy, and a resolution-driven mindset in our innovative culture. Stay ahead of emerging risks to continuously evolve our practices, ensuring DocuSign's Intelligent Agreement Management platform remains secure amid rapid innovation. Join us to make the world more agreeable, where your contributions build trust for employees, customers, and communities worldwide. #LI-Hybrid #LI-SV6

Key Responsibilities

• Lead end-to-end risk assessments of applications, systems, and cloud environments across all security domains for DocuSign's Intelligent Agreement Management platform
• Identify, assess, monitor, and report on security risks across the enterprise, protecting e-signature and CLM solutions used by over 1.5 million customers
• Analyze risk data to uncover recurring issues, trends, and root causes, recommending changes to strengthen controls and mitigate threats to agreement workflows
• Partner with Engineering, Security, and business functions to embed risk insights into planning, prioritization, and decision-making for product innovation
• Develop and maintain risk dashboards and metrics providing leadership with actionable insights into risk exposure and trends in real-time
• Support and enhance the security control framework, ensuring risks are effectively mapped to controls relevant to DocuSign's global SaaS operations
• Provide recommendations on risk acceptance and mitigation that balance business objectives with security requirements for rapid agreement deployment
• Leverage modern GRC platforms and automation (e.g., ServiceNow IRM, OneTrust) to scale risk management processes supporting high-volume e-signatures
• Stay ahead of emerging risks and industry trends to continuously improve risk practices, fostering DocuSign's culture of security innovation
• Collaborate cross-functionally to translate security findings into meaningful insights that drive secure, customer-trusted digital agreements

Required Qualifications

• 5+ years of experience in security risk management or related areas
• Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field
• Strong understanding of cyber threats and vulnerabilities, with hands-on expertise in one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security)
• Experience with risk management frameworks (RMF, ISO 27005, NIST 800-37, NIST 800-30)
• Experience with risk quantification models (e.g., FAIR) or building custom risk scoring approaches
• Experience with control frameworks (SSAE16, ISO27001, NIST CSF/800-53, PCI DSS, SIG, CSA, HIPAA, FedRAMP)
• Strong experience with GRC platforms and automation tools, preferably ServiceNow IRM
• One or more certifications: CISSP, CRISC, CISM, CTPRP, CISA, CCSP, CIPT, CompTIA Security+, or AWS/Azure Security

Preferred Qualifications

• Knowledge of cloud environments (AWS, Azure, GCP) and SaaS platforms
• Familiarity with data visualization tools (e.g., Tableau, Power BI) for building risk dashboards
• Demonstrated ability to work independently with a strong sense of ownership, urgency, and drive
• Strong business acumen with the ability to communicate risk to technical and non-technical stakeholders
• Experience working cross-functionally to evaluate security controls and business processes
• Proven track record in SaaS or e-signature industry security risk management

Required Skills

• Cyber threat and vulnerability analysis
• Risk management frameworks (RMF, NIST 800-37/30, ISO 27005)
• Risk quantification (FAIR, custom scoring)
• Control frameworks (NIST CSF/800-53, ISO27001, PCI DSS, FedRAMP)
• GRC platforms (ServiceNow IRM, OneTrust)
• Cloud security (AWS, Azure, GCP)
• SaaS platform security expertise
• Data visualization (Tableau, Power BI)
• Cross-functional stakeholder influence
• Analytical and root cause analysis
• Problem-solving and decision-making
• Technical communication to non-technical audiences
• Business acumen for risk prioritization
• Independent ownership and urgency
• Trend analysis and emerging risk identification
• Automation and scaling of risk processes

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Unlimited PTO policy to support work-life balance
• Professional development stipend for certifications and training
• Stock purchase plan and employee stock purchase program
• Hybrid work model with collaborative in-office experiences
• Wellness programs including mental health support and fitness reimbursements
• Parental leave and family-friendly policies
• Volunteer time off and community impact opportunities

DocuSign is an Equal Opportunity Employer.