Director, Security Product Risk Management

Director, Security Product Risk Management

Join to apply for the Director, Security Product Risk Management role at Docusign

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What you’ll do

The Director, Security Product Risk Management is a strategic and product-focused leader responsible for building and leading a modern, automation-driven, data-informed security risk program that enables the organization to manage risk effectively and at scale. You will lead the design, delivery, and evolution of the security risk management program, ensuring risks are identified, quantified, prioritized, and communicated in business-relevant terms.

As the security product owner for Risk, this role is also responsible for setting the vision, roadmap, and priorities for risk analytics, risk automation (data collection and analysis for risk assessments), and continuous monitoring. You’ll partner with engineering, product, GRC engineering, cyber defense, compliance, procurement, and business stakeholders to embed risk awareness, automation, and data-driven insights into systems, processes, and their decision-making.

This is a people manager role reporting to the Senior Director of Security Governance, Risk Management and Compliance (GRC).

Responsibilities

• Lead and mentor a team of risk managers, risk product managers, and risk analysts
• Build a high-performing, product-driven team focused on measurable outcomes and continuous improvement
• Define, deliver, and continuously evolve security risk management enterprise-wide
• Establish frameworks and processes for risk identification, assessment, prioritization, and reporting
• Drive adoption of quantitative risk methodologies (e.g., FAIR) and data-driven decision-making
• Lead security risk reviews across products, services, and infrastructure to enable faster, risk-informed choices
• Define KPIs, KRIs, and executive-level reporting to measure control effectiveness and risk posture
• Drive user adoption and operational efficiency through automation-first workflows across risk intake and reporting
• Act as the bridge between technical risks and business priorities, ensuring stakeholders have actionable insights
• Leverage predictive analytics and automation to prioritize risks based on potential business impact
• Deliver executive-ready reporting to senior security leadership and cross-functional stakeholders
• Partner closely with engineering to build real-time dashboards and centralized risk data pipelines, and to deliver risk automation capabilities and technical integrations
• Expand third party risk scope to include strategic partners, alliances, joint-service providers and developer ecosystem
• Oversee technical integration reviews for SaaS, APIs, infrastructure connectivity, and data flows
• Build and maintain a fourth-party dependency framework to manage cascading risks
• Use attack surface monitoring, supply chain security platforms, and threat intelligence feeds to continuously track ecosystem exposure
• Partner with engineering, product, cyber defense, compliance, procurement, and legal teams to integrate risk management into business processes
• Collaborate with customer-facing security teams to support security assurance activities where required

What you bring

Basic

Preferred

Wage Transparency

Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience. Based on applicable legislation, the below details pay ranges in the following locations :

This Role Is Also Eligible For The Following

Benefits

Life at Docusign

Working here and accommodations information are available; Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in the job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact accommodations@docusign.com. If you experience any issues during the application process please contact taops@docusign.com. EEO notice and privacy information are provided as part of applicant resources.

#J-18808-Ljbffr