Security Risk Manager

Location: Dublin, Ireland

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data trapped inside documents, connecting it to systems of record using the #1 platform in e-signature and contract lifecycle management (CLM). Join our innovative culture where trust and security are paramount, and help protect the agreements that power the global economy. Docusign is seeking a Security Risk Manager to join our Security Governance, Risk & Compliance (GRC) team. In this hands-on, individual contributor role reporting to the Senior Director of Security GRC, you will lead modern, data-driven security risk assessments across applications, systems, cloud environments, and our core e-signature and CLM platforms. Combining deep technical expertise with strong business acumen, you will translate complex risk findings into actionable insights that influence engineering, security, and business decisions, advancing the maturity of our Security Risk Management program in a high-growth SaaS environment. Success demands exceptional analytical skills, the ability to influence cross-functional stakeholders with clarity, empathy, and a resolution-driven mindset, and a proactive approach to emerging threats. You will partner with teams to embed risk intelligence into product innovation, develop executive dashboards, leverage GRC automation, and recommend balanced mitigation strategies that protect our customers while enabling business velocity. This hybrid role requires a minimum of 2 days per week in-office, fostering collaboration in our dynamic, trust-building culture. At Docusign, everything is equal. We commit to listening, honesty, and doing what's right, ensuring every team member has equal opportunity to succeed, innovate, and feel pride in work that makes the world more agreeable. If you're passionate about securing intelligent agreement management at scale, apply today and help us build trust for a better future.

Key Responsibilities

• Lead end-to-end security risk assessments of applications, systems, and cloud environments across all security domains, leveraging advanced risk scoring models such as risk quantification
• Identify, assess, monitor, and report on security risks across DocuSign's enterprise, with a focus on protecting intelligent agreement management and e-signature platforms
• Analyze risk data to uncover recurring issues, trends, and root causes, recommending changes to strengthen controls and mitigate threats to business-critical data
• Partner with Engineering, Security, and business functions to embed risk insights into planning, prioritization, and decision-making for DocuSign's innovative products
• Develop and maintain risk dashboards and metrics that provide leadership with actionable insights into risk exposure and trends in our global SaaS operations
• Support and enhance the security control framework, ensuring risks are effectively mapped to controls relevant to e-signature, CLM, and agreement management services
• Provide recommendations on risk acceptance and mitigation that balance business objectives with security requirements in a fast-paced innovation culture
• Leverage modern GRC platforms and automation (e.g., ServiceNow, OneTrust) to scale risk management processes for DocuSign's 1.5 million customers worldwide
• Stay ahead of emerging risks and industry trends, continuously improving risk practices to safeguard DocuSign's position as the #1 company in e-signature and CLM
• Collaborate cross-functionally to evaluate security controls and business processes, translating findings into meaningful risk insights that drive product innovation

Required Qualifications

• 5+ years of experience in security risk management or related areas
• Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field
• Hands-on expertise in cyber threats, vulnerabilities, and one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security)
• Experience with risk management frameworks such as RMF, ISO 27005, NIST 800-37, or NIST 800-30
• Experience with risk quantification models (e.g., FAIR) or building custom risk scoring approaches
• Experience with control frameworks including SSAE16, ISO27001, NIST CSF/800-53, PCI DSS, SIG, CSA, HIPAA, or FedRAMP
• Experience with GRC platforms and automation tools, preferably ServiceNow IRM

Preferred Qualifications

• Knowledge of cloud environments (AWS, Azure, GCP) and SaaS platforms
• Familiarity with data visualization tools (e.g., Tableau, Power BI) for building risk dashboards
• One or more certifications: CISSP, CRISC, CISM, CTPRP, CISA, CCSP, CIPT, CompTIA Security+, or AWS/Azure Security
• Demonstrated experience in e-signature or intelligent agreement management security risks
• Proven track record in scaling risk management for high-growth SaaS environments

Required Skills

• Security risk assessment and quantification
• Risk management frameworks (RMF, NIST, ISO)
• Cyber threat and vulnerability analysis
• GRC platforms (ServiceNow IRM, OneTrust)
• Cloud security (AWS, Azure, GCP)
• Control frameworks (ISO27001, NIST CSF, PCI DSS)
• Data visualization (Tableau, Power BI)
• Cross-functional stakeholder communication
• Analytical and problem-solving expertise
• Business acumen for risk translation
• Independent ownership and urgency
• Trend analysis and root cause identification
• Automation and scaling of risk processes
• Influence and empathy in decision-making
• SaaS and e-signature security domain knowledge
• Technical writing and dashboard development

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Unlimited PTO and flexible work arrangements including hybrid model
• Professional development stipend and tuition reimbursement
• Stock purchase plan and employee stock purchase program
• Wellness programs, gym memberships, and mental health support
• Parental leave and family planning benefits
• Volunteer time off and community impact programs
• DocuSign swag, global team events, and innovation hackathons

DocuSign is an Equal Opportunity Employer.