Senior Security Technical Program Manager, Platform Security

Location: San Francisco, California

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As the #1 company in these spaces, we unleash business-critical data trapped in documents, connecting it to systems of record to drive efficiency and opportunity. As a Senior Security Technical Program Manager for Platform Security, you will drive security strategy and execution across core infrastructure, multi-cloud platforms, and developer ecosystems that power DocuSign's global e-signature and CLM innovations. This individual contributor role, reporting to the Sr. Manager, Security Product Management, involves leading cross-functional initiatives to embed security-by-design, build scalable controls, and bolster resilience against evolving threats. Partnering with Engineering, Security, and Product teams, you will define roadmaps, track execution, and deliver programs ensuring secure, compliant platforms at enterprise scale in our high-growth environment. You will own large-scale security programs spanning vulnerability management, IAM, encryption, endpoint protection, and automated DevSecOps practices, while championing AI/ML-driven threat detection. By influencing senior leaders and fostering a security-first culture, you will balance risk reduction with business agility, supporting compliance with NIST, ISO 27001, SOC 2, GDPR, HIPAA, and more. This hybrid role (minimum 2 days/week in-office) offers the chance to make a profound impact on platforms trusted by millions, in a company committed to trust, equality, and innovation. Docusign is an Equal Opportunity Employer building diverse teams where everyone thrives. We offer competitive pay, RSUs, comprehensive benefits, and a culture of deep pride in world-changing work.

Key Responsibilities

• Own and scale product and platform security initiatives across DocuSign's engineering organizations, balancing risk reduction with innovation in intelligent agreement management
• Partner with senior engineering, product, and security leaders to embed security into roadmaps, design principles, and decision-making for e-signature and CLM platforms
• Lead cross-functional programs to integrate vulnerability management, IAM, key management, encryption, and endpoint security into platform design and operations
• Collaborate with engineering to develop scalable, automated security controls across multi-cloud environments, infrastructure, and developer ecosystems
• Oversee security monitoring, threat detection, and remediation programs, including incident response and disaster recovery for DocuSign's global systems
• Ensure platforms meet regulatory standards (NIST, ISO 27001, SOC 2, GDPR, HIPAA) while supporting audits and driving continuous compliance improvements
• Drive change management to embed security into platform, process, and technology changes, minimizing risk in high-velocity development cycles
• Establish program roadmaps, KPIs, and executive reporting for clear visibility into security posture and business impact
• Foster a culture of security innovation, championing AI/ML for threat detection and secure DevOps practices in DocuSign's innovation-driven environment
• Bridge engineering, security, and business priorities to deliver secure, compliant platforms that power over 1.5 million customers worldwide

Required Qualifications

• 8+ years of experience in technical program management with a focus on platform, infrastructure, or product security
• Bachelor’s or Master’s degree in Technology, Computer Science, or Cybersecurity
• Hands-on experience with cloud security platforms (AWS, GCP, Azure)
• Proven expertise in vulnerability management, IAM, encryption, and endpoint security
• Demonstrated ability to lead large-scale, cross-functional security initiatives
• Experience with governance, risk, and compliance (GRC) frameworks
• Strong track record in scaling security programs in high-growth technology environments

Preferred Qualifications

• Experience with enterprise IAM platforms (Okta, Azure AD), MDM solutions, and key management systems (KMS/HSM)
• Familiarity with CI/CD pipelines, DevSecOps practices, and automated vulnerability detection/remediation
• Deep knowledge of regulatory frameworks including SOC 2, ISO 27001, GDPR, FedRAMP, and HIPAA
• Proven ability to influence senior leaders and drive security-first principles across engineering and business teams
• Experience scaling platform security in complex, high-growth SaaS organizations like DocuSign

Required Skills

• Cloud security (AWS, GCP, Azure)
• Vulnerability management and remediation
• Identity and Access Management (IAM)
• Encryption and key management (KMS/HSM)
• Endpoint security and MDM
• Governance, Risk, and Compliance (GRC) frameworks
• CI/CD pipelines and DevSecOps
• Program management and roadmap planning
• Executive communication and stakeholder management
• Cross-functional leadership and influence
• Technical acumen bridging engineering and business
• Automated security controls and orchestration
• Threat detection and incident response
• Regulatory compliance (SOC 2, ISO 27001, GDPR, HIPAA)
• Change management and adoption driving
• AI/ML for security innovation

Benefits

• Competitive base salary ($140,000 - $225,075 in California) plus company bonus plan
• Restricted Stock Units (RSUs) as part of total compensation
• Comprehensive health benefits with 100% employer-paid options from day one
• Generous Paid Time Off and paid company holidays
• Paid Parental Leave up to six months for birth, adoption, or foster care
• Retirement plans with potential employer contributions
• Learning and Development programs including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.