Sr. Security GRC Product Manager

Location: San Francisco, California; Chicago, Illinois; Seattle, Washington

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record to drive efficiency, security, and innovation. Join our mission to make the world more agreeable by ensuring our platform's governance, risk, and compliance (GRC) capabilities scale securely with our global growth. Docusign is hiring a Senior Security GRC Product Manager to own the strategy, roadmap, and delivery of GRC platforms and capabilities. This senior individual contributor role reports to the Senior Director of Security Governance, Risk Management and Compliance. You will partner with engineering, security, compliance, and business stakeholders to design automation-first solutions that modernize risk and compliance processes enterprise-wide. Leveraging your deep expertise in security frameworks, you will own the full product lifecycle—from requirements gathering and feature prioritization to adoption and measurable outcomes—ensuring DocuSign's e-signature and CLM innovations remain compliant and resilient. In this role, you will define roadmaps for platforms like ServiceNow IRM or OneTrust, translate regulations like GDPR and FedRAMP into automated workflows, and deliver executive dashboards for real-time insights. Drive integrations with DocuSign's cloud ecosystem, champion user adoption across teams, and innovate GRC to support our Intelligent Agreement Management platform. This hybrid role (minimum 2 days/week in-office) thrives in Docusign's collaborative, innovative culture where bold ideas build trust and transform agreements. Docusign is committed to equal opportunity, diversity, and building trust. We offer competitive pay, RSUs, comprehensive benefits, and a workplace where everyone can thrive. This position is not eligible for employment in certain states (Alaska, Hawaii, etc.). Apply to help secure the future of agreements at the world's leading e-signature company.

Key Responsibilities

• Define and execute the product strategy and multi-year roadmap for DocuSign's GRC platforms including ServiceNow IRM, OneTrust, Archer, LogicGate, or custom tools
• Partner with Security, Engineering, Compliance, and business teams to translate regulatory, audit, and business requirements into scalable, automation-first workflows
• Collaborate with GRC Engineering to deliver seamless integrations, real-time dashboards, and reporting for comprehensive visibility into risk, compliance, and control posture
• Act as product owner in agile ceremonies: prioritize backlogs, define user stories, and ensure on-time delivery against roadmap commitments
• Drive the design and continuous improvement of workflows for risk assessments, control testing, policy exceptions, issues management, and automated evidence collection
• Champion adoption and user engagement for GRC tools across engineering, business, and compliance teams to maximize platform value
• Ensure GRC platforms integrate with DocuSign's cloud, SaaS, and enterprise systems to enable automated evidence gathering and continuous monitoring
• Develop and deliver executive dashboards, KPIs, and reporting logic providing actionable insights into security and compliance metrics
• Engage cross-functional stakeholders to measure and drive adoption, usage, and tangible business impact from GRC initiatives
• Innovate GRC solutions that support DocuSign's Intelligent Agreement Management platform, e-signature security, and global compliance needs

Required Qualifications

• 8+ years of experience in product management, security GRC, or related domains
• Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field
• Hands-on experience with security, risk, compliance, and control frameworks including ISO 27001, SOC 2, NIST CSF, FedRAMP, GDPR, DORA, and HIPAA
• Proven experience with GRC platforms such as ServiceNow IRM, Archer, OneTrust, or LogicGate
• Demonstrated ability to translate complex regulatory and security requirements into actionable business and technical specifications
• Experience delivering automation-enabled workflows and solutions for GRC use cases
• Strong understanding of enterprise-scale risk management and compliance processes

Preferred Qualifications

• Certifications such as CISM, CRISC, CISSP, CTPRP, or PMP
• Experience building interactive dashboards and reporting with tools like Tableau, Power BI, or Looker
• Track record of scaling enterprise-wide GRC programs through automation and system integrations
• Excellent stakeholder management skills with proven ability to influence engineering, compliance, and executive teams
• Strong communication and executive presence, including briefing senior leadership on GRC initiatives

Required Skills

• Product management lifecycle ownership
• GRC platform expertise (ServiceNow IRM, Archer, OneTrust, LogicGate)
• Security and compliance frameworks (ISO 27001, SOC 2, NIST, FedRAMP, GDPR, HIPAA)
• Regulatory requirements translation to technical specs
• Automation workflow design and delivery
• Agile product ownership and backlog prioritization
• Stakeholder management and influence
• Dashboard and KPI development (Tableau, Power BI, Looker)
• System integrations for cloud/SaaS environments
• Risk assessment and control testing processes
• Executive communication and presentation
• Enterprise GRC program scaling
• User adoption and change management
• Strategic roadmap planning
• Cross-functional collaboration
• Real-time reporting and analytics

Benefits

• Competitive base salary with location-specific ranges (e.g., California: $140,000 - $225,075)
• Company bonus plan calculated as a percentage of eligible wages based on performance
• Restricted Stock Units (RSUs) eligibility
• Paid Time Off including earned time off and company holidays
• Paid Parental Leave up to six months for birth, adoption, or foster care
• Comprehensive health benefits with 100% employer-paid options from day one
• Retirement plans with potential employer contributions
• Learning and development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.