
Security Third Party Risk Manager

DocuSign

Engineering Jobs

Full-time. Posted: Oct 8, 2025

Job Description

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record to drive efficiency and innovation. Join our innovative culture where trust, equality, and bold ideas shape the future of secure digital agreements.

Docusign is hiring a Security Third-Party Risk Manager to join our Security Risk Management team. In this individual contributor role reporting to the Senior Manager of Security Third-Party Risk Product Management, you will play a pivotal role in managing risks across our vendor and partner ecosystem. Focus areas include executing risk assessments, overseeing technical integration reviews for SaaS platforms, APIs, and cloud services critical to our e-signature and CLM platform, supporting automation-enabled monitoring, and delivering actionable insights. This position demands technical expertise, risk management acumen, and exceptional communication skills to collaborate with Security, GRC, Legal, Compliance, Procurement, and business functions in our fast-paced, innovative environment.

What you'll do: Lead third-party risk assessments across security, operational, compliance, and privacy domains; conduct technical reviews for data-sharing workflows ensuring safeguards for DocuSign's Intelligent Agreement Management; monitor vendor risks and escalate fourth-party issues; support full vendor lifecycle security evaluations; investigate incidents with vendors; partner on contracts reflecting risk requirements; collaborate on vulnerability remediation and GRC automation; and create risk reports for leadership and customer/regulatory reviews.

This hybrid role requires a minimum of 2 days per week in-office.

What you bring: 5+ years in TPRM, vendor security, or SaaS integrations; Bachelor’s in Information Security or related; deep knowledge of TPRM frameworks (SIG, NIST 800-161, DORA) and tools (BitSight, SecurityScorecard); expertise in security/privacy standards (SOC 2, GDPR); and strong cross-team collaboration. Preferred: CISM/CISSP, automation experience, leadership reporting.

At Docusign, we foster an inclusive culture committed to trust, equality, and making the world more agreeable. Apply to contribute to our mission today.

Key Responsibilities

  • Lead execution of third-party risk assessments and due diligence across security, operational, compliance, and privacy domains
  • Conduct technical integration reviews for SaaS platforms, APIs, cloud services, and data-sharing workflows, ensuring appropriate security safeguards for DocuSign's Intelligent Agreement Management platform
  • Monitor and analyze vendor risk data and ecosystem dependencies, escalating systemic or fourth-party risks to leadership
  • Support the vendor lifecycle by evaluating security posture during onboarding, renewals, and offboarding
  • Participate in third-party incident investigations, coordinating with vendors and business stakeholders for timely resolution and documentation
  • Partner with Procurement, Legal, and Compliance to ensure contractual agreements reflect security and risk requirements aligned with e-signature and CLM standards
  • Work closely with Security Operations and Incident Response to address vendor vulnerabilities and remediation efforts
  • Collaborate with GRC Engineering on automation and continuous monitoring initiatives, providing requirements and validating outputs
  • Develop and deliver risk reports and dashboards highlighting vendor and partner risk posture for stakeholders
  • Contribute to customer and regulatory reviews by maintaining validated vendor risk information and evidence

Required Qualifications

  • 5+ years of experience in third-party risk management, vendor security, SaaS/API integrations, or supply chain risk
  • Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field
  • Strong knowledge of TPRM methodologies, frameworks, and regulations (e.g., SIG, CSA, ISO 27036, NIST 800-161, DORA)
  • Hands-on experience conducting vendor risk assessments and technical reviews
  • Familiarity with SaaS, APIs, cloud services, and shared responsibility models
  • Hands-on knowledge of TPRM tools and continuous monitoring platforms (e.g., BitSight, SecurityScorecard, ServiceNow, OneTrust, Process Unity)
  • Strong knowledge of security and privacy frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, FedRAMP)

Preferred Qualifications

  • Professional certifications (CISM, CISSP, CRISC, CISA)
  • Experience supporting automation-enabled TPRM processes
  • Experience preparing risk insights for leadership or supporting customer-facing security reviews
  • Background in e-signature, CLM, or intelligent agreement management platforms
  • Proven track record in high-growth SaaS environments

Required Skills

  • Third-party risk management (TPRM) expertise
  • Vendor security assessment and due diligence
  • SaaS/API integration security reviews
  • Cloud services and shared responsibility models
  • TPRM tools (BitSight, SecurityScorecard, ServiceNow, OneTrust, Process Unity)
  • Security frameworks (SOC 2, ISO 27001, NIST CSF)
  • Privacy regulations (GDPR, FedRAMP)
  • Risk reporting and dashboard development
  • Stakeholder collaboration across Security, GRC, Legal, Procurement
  • Incident investigation and remediation coordination
  • Automation and continuous monitoring processes
  • Strong written and verbal communication
  • Technical analysis of vendor ecosystems
  • Influence without authority in cross-functional teams
  • Problem-solving in complex supply chain risks

Benefits

  • Competitive base salary and performance-based incentives
  • Comprehensive health, dental, and vision insurance
  • 401(k) retirement savings plan with company match
  • Unlimited PTO and flexible work arrangements
  • Professional development stipend and tuition reimbursement
  • Stock purchase plan and employee stock purchase program
  • Wellness programs including gym memberships and mental health support
  • Parental leave and family planning benefits
  • Volunteer time off and community impact programs

DocuSign is an Equal Opportunity Employer.

Locations

  • Cherry Hills Block Embassy Golf Links Business Park Challaghatta, Bengaluru, Karnataka, India 560071

Salary

Estimated Salary Range (medium confidence)

3,500,000 - 6,500,000 INR / yearly

Source: AI estimated

* This is an estimated range based on market data and may vary based on experience and qualifications.


