Technical Security Risk Manager

DocuSign

Full-time | Posted: Oct 9, 2025

Job Description

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data trapped inside of documents. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

We are seeking a Technical Security Risk Manager to join our Security Governance, Risk & Compliance (GRC) team. In this hands-on, individual contributor role reporting to the Director of Security Product Risk Management, you will drive data-informed, technically grounded security risk assessments across applications, infrastructure, and cloud environments that power our e-signature and CLM innovations. Blending traditional risk management with deep technical expertise, you will validate risks, analyze threats, and evaluate control effectiveness while partnering closely with Product, Platform, and domain Security Engineers across Security, Engineering, and IT teams to identify, quantify, and mitigate risks through actionable insights.

What you'll do: Perform end-to-end technical risk assessments, conduct data correlation from vulnerability and configuration tools, support threat modeling, and embed secure-by-design principles into the SDLC for DocuSign's global platform. Identify risk patterns, enhance control frameworks, develop executive dashboards, automate workflows with GRC tools, and stay ahead of emerging threats to safeguard our customers' trust. This role is pivotal in maintaining DocuSign's leadership in secure, innovative agreement management.

What you bring: 5+ years in security risk management or engineering, a Bachelor’s in Computer Science or related field, strong grasp of cyber threats across domains, experience with risk frameworks and quantification, hands-on GRC and security tools, and excellent bridging skills between technical and business teams. Preferred: Relevant certifications, cloud-native expertise, dashboarding, and DevSecOps.

This is a hybrid role (minimum 2 days/week in-office). At Docusign, we foster an innovation culture where trust, equality, and impact drive us to make the world more agreeable—join us to protect and propel our mission.

Key Responsibilities

  • Perform end-to-end technical risk assessments across DocuSign's applications, platforms, and cloud services, validating risks through technical analysis and security control testing
  • Conduct technical risk analysis by correlating data from vulnerability management, configuration assessments, and monitoring tools to identify emerging risks in our intelligent agreement management platform
  • Support threat modeling efforts to assess potential attack vectors and prioritize mitigations based on impact and likelihood for e-signature and CLM solutions
  • Collaborate with Product Security and Engineering teams to embed secure-by-design and risk-aware decision-making throughout the software development lifecycle
  • Identify recurring risk patterns across DocuSign's global infrastructure and recommend control or process improvements that address root causes
  • Contribute to maintaining and enhancing the security control framework, ensuring accurate mappings between risks and controls relevant to e-signature compliance
  • Develop risk dashboards and reporting metrics that visualize exposure, trends, and remediation progress for leadership and stakeholders
  • Partner with GRC Engineering to automate risk management workflows using platforms like ServiceNow IRM or OneTrust
  • Stay informed on emerging security threats, vulnerabilities, and exploit trends to continuously improve DocuSign's risk posture and protect over 1.5 million customers
  • Drive data-informed security risk decisions that support DocuSign's innovation in agreement management and e-signature technologies

Required Qualifications

  • 5+ years of experience in security risk management, security engineering, or product security
  • Bachelor’s degree in Computer Science, Information Security, or a related field
  • Strong understanding of cyber threats, vulnerabilities, and control effectiveness across application, infrastructure, and cloud security domains
  • Experience performing technical security analysis, including reviewing system designs, interpreting vulnerability data, or assessing configuration and access control risks
  • Familiarity with risk management frameworks (ISO 27005, NIST 800-30, NIST RMF) and control frameworks (ISO 27001, NIST CSF, PCI DSS, FedRAMP)
  • Experience with risk quantification methods such as FAIR or custom scoring models
  • Hands-on experience with GRC tools (ServiceNow IRM, OneTrust) and security platforms (e.g., Wiz, Tenable)
  • Strong analytical, problem-solving, and communication skills with the ability to bridge technical and business audiences

Preferred Qualifications

  • One or more certifications: CISSP, CRISC, CISM, CCSP, AWS/Azure Security, or CompTIA Security+
  • Experience conducting technical control validation and threat modeling in partnership with Security Architecture or Product Security teams
  • Strong understanding of cloud-native security controls and modern application architectures (microservices, APIs, containers)
  • Experience integrating security and risk metrics into data dashboards (Tableau, Power BI, or similar)
  • Demonstrated ability to influence and drive outcomes across cross-functional technical teams
  • Familiarity with DevSecOps practices and automation of risk assessment workflows

Required Skills

  • Technical security analysis
  • Risk quantification (FAIR models)
  • Threat modeling
  • Vulnerability management
  • Cloud security (AWS/Azure)
  • GRC platforms (ServiceNow IRM, OneTrust)
  • Security tools (Wiz, Tenable)
  • Risk frameworks (NIST, ISO 27005)
  • Control frameworks (ISO 27001, NIST CSF, PCI DSS)
  • Data visualization (Tableau, Power BI)
  • Analytical problem-solving
  • Cross-functional communication
  • Influence and stakeholder management
  • DevSecOps practices
  • Automation scripting
  • Microservices and API security
  • Container security
  • Secure SDLC integration

Benefits

  • Comprehensive health, dental, and vision insurance plans
  • 401(k) retirement savings plan with company match
  • Unlimited PTO and flexible work arrangements
  • Professional development stipend and tuition reimbursement
  • Stock purchase plan and employee stock purchase program
  • Wellness programs including gym memberships and mental health support
  • Parental leave and family planning benefits
  • Volunteer time off and community impact programs
  • Hybrid work model with access to modern office spaces

DocuSign is an Equal Opportunity Employer.

Locations

  • Cherry Hills Block Embassy Golf Links Business Park Challaghatta, Bengaluru, Karnataka, India 560071

Salary

Estimated Salary Range (medium confidence)

4,500,000 - 7,500,000 INR / yearly

Source: ai estimated

* This is an estimated range based on market data and may vary based on experience and qualifications.
