Senior Manager, GRC Engineering

Location: Seattle, Washington; Chicago, Illinois; San Francisco, California

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record to drive efficiency and opportunity. The Senior Manager, GRC Engineering will define and execute the strategy for GRC automation, data pipelines, and analytics, enabling a scalable, technology-driven governance model that powers DocuSign's security and compliance posture. This people manager role leads the engineering function behind critical GRC capabilities including evidence automation, policy exception workflows, dashboard creation, metrics pipelines, and platform integrations. Reporting to the Senior Director of Security GRC, you will partner closely with Product, Technology Engineering, Data, and Security teams to establish modern, automated processes that protect DocuSign's innovative e-signature platform and global customer base. Key responsibilities include defining the GRC engineering roadmap, building and mentoring engineering teams, providing hands-on technical leadership, and driving integrations with cloud environments (AWS, GCP, Azure) and SaaS platforms. You will champion self-service automation, embed security controls into CI/CD pipelines, explore AI/ML for risk intelligence, and deliver executive dashboards measuring compliance effectiveness across all DocuSign products and environments. This hybrid role (minimum 2 days/week in-office) offers the chance to shape DocuSign's automation-first GRC strategy while fostering a high-performing engineering culture. Join our innovation-driven team committed to building trust, ensuring equal opportunity, and making the world more agreeable through secure, compliant agreement management solutions.

Key Responsibilities

• Define the strategic roadmap for GRC engineering, automation, and analytics capabilities to support DocuSign's Intelligent Agreement Management platform
• Build, lead, and mentor a high-performing team of GRC engineers and platform specialists
• Provide technical leadership by reviewing integrations, scripts, pipelines, configurations, and platform builds for the GRC Engineering team
• Lead design and implementation of scalable evidence collection systems, metrics pipelines, compliance workflows, and policy exception processes
• Integrate GRC systems with cloud/SaaS environments (AWS, GCP, Azure) to enable automated evidence collection and continuous control monitoring
• Partner with GRC, Security, Engineering, and IT teams to align solutions with DocuSign's business priorities and regulatory requirements
• Develop dashboards, KPIs, KRIs, and reporting logic to measure security compliance and control effectiveness across all DocuSign products
• Embed security control validation into CI/CD pipelines and collaborate with DevSecOps to ensure compliance-by-design in e-signature innovations
• Explore AI/ML capabilities for risk scoring, document summarization, and automated control mapping to enhance GRC efficiency
• Establish consistent metrics pipelines and partner with analytics teams using Tableau, Power BI, or Looker for executive reporting
• Act as the bridge between GRC, Internal Audit, Engineering, and Security teams to drive cross-functional integration
• Influence resource allocation, set performance goals, and foster technical excellence within the GRC engineering culture

Required Qualifications

• 8+ years of experience in information security, GRC, or security engineering, with 5+ years in a leadership role
• Bachelor’s or Master's degree in Computer Science, Computer Engineering, Software Engineering, or related field
• Relevant certifications such as CISM, CISSP, CCSP, or equivalent
• Experience building GRC engineering capabilities, including automation, evidence connectors, dashboards, and policy workflows
• Experience with GRC platforms (e.g., ServiceNow GRC, LogicGate, OneTrust) and their integrations into enterprise environments
• Experience with modern cloud and SaaS security models (AWS, GCP, Azure) and evidence automation using APIs/SDKs
• Experience with DevSecOps practices, CI/CD integrations, and security control validation pipelines
• Proven ability to define strategic roadmaps, lead cross-functional programs, and deliver measurable business outcomes

Preferred Qualifications

• Excellent stakeholder management skills, able to partner with engineering, security, compliance, and product teams
• Hands-on familiarity with evidence automation scripting (Python, REST APIs, SDK integrations)
• Experience with metrics visualization tools such as Tableau, Power BI, or Looker
• Exposure to AI/ML solutions for GRC, including document summarization, LLM copilots, or automated control mapping
• Excellent documentation and reporting skills
• Excellent collaboration and communication skills across technical and non-technical audiences

Required Skills

• GRC platform expertise (ServiceNow IRM, LogicGate, OneTrust)
• Cloud security architecture (AWS, GCP, Azure)
• API/SDK integration and evidence automation
• Python scripting and REST API development
• DevSecOps and CI/CD pipeline integration
• Metrics pipeline development and data engineering
• Dashboard creation (Tableau, Power BI, Looker)
• Strategic roadmap planning and execution
• Cross-functional stakeholder management
• Technical leadership and code/platform reviews
• AI/ML for GRC applications
• Compliance workflow automation
• Policy exception management systems
• Continuous control monitoring
• Executive reporting and KPI/KRI development
• Team building and mentorship
• Vendor platform integration (Jira, etc.)
• Security control validation

Benefits

• Competitive base salary with location-specific ranges (CA: $177,900-$287,425; WA/NY/NJ: $170,900-$251,325)
• Company bonus plan calculated as percentage of eligible wages based on performance
• Restricted Stock Units (RSUs) eligibility
• Paid Time Off including earned time off and company holidays
• Paid Parental Leave up to six months for birth, adoption, or foster care
• Full Health Benefits Plans with 100% employer-paid options from day one
• Retirement Plans with potential employer contributions
• Learning and Development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.