Security GRC Engineer

Overview

Docusign is hiring a Security GRC Engineer to design, build, and scale the next generation of automation-first GRC solutions. This is a high impact, hands-on technical role for engineers who are passionate about solving complex problems at the intersection of security, risk and technology. You will transform traditional governance, risk, and compliance processes into intelligent, data-driven, and automated systems, integrating across enterprise GRC platforms, cloud services, and data pipelines — applying modern automation and AI / ML techniques to enhance security outcomes, reduce audit fatigue, and enable continuous control monitoring. The ideal candidate has strong technical expertise in security engineering, automation, and cloud platforms, with the ability to translate compliance and risk requirements into scalable, engineering-driven solutions. This role provides an opportunity to help shape how GRC is delivered across the enterprise, working closely with engineering, security, and business teams. This is an individual contributor role reporting to the Senior Manager of GRC Engineering.

Responsibilities

Design and implement automation frameworks that connect GRC platforms, cloud services, and enterprise data systems to enable continuous control monitoring

Develop and deploy AI / ML-enabled solutions for risk scoring, control validation, evidence collection, and anomaly detection in compliance data

Build dashboards and data pipelines that integrate metrics across multiple systems to provide actionable insights for risk and compliance teams

Engineer scalable automation and orchestration workflows to enforce policies, detect configuration drift, and remediate non-compliant systems at scale

Extend and enhance enterprise GRC platforms (e.g., ServiceNow, OneTrust) through custom workflows, connectors, and APIs

Use scripting, orchestration, and data engineering (Python, C#, SQL, Docker, Kubernetes) to deliver reliable, scalable solutions

Evaluate and integrate emerging technologies (e.g., generative AI, NLP, graph analytics) to improve GRC outcomes and efficiency

Partner with engineering, security, compliance, and audit teams to translate requirements into scalable technical solutions

Operate GRC processes and tools as products, ensuring continuous value delivery and measurable impact

Champion automation-first GRC practices that reduce audit fatigue and operational overhead

Qualifications

Basic

5+ years of experience in Information Security, with significant focus on GRC engineering and automation

University degree in Computer Science, Information Systems, or related field

One or more of these certifications : CISM, CISA, CISSP, CEH, CompTIA Security+, AWS / Azure Security

Experience designing and deploying scalable automated processes via orchestration or automation tools to streamline GRC processes (control testing, evidence collection and analysis)

Experience with programming and orchestration (Python, C#, SQL, Container Orchestration Services including Docker and Kubernetes)

Experience integrating security / compliance tooling with cloud environments (Azure, AWS, GCP)

Experience with data engineering and building scalable reporting pipelines

Preferred

Strong cross-functional collaboration, communication, and technical leadership skills

Solid understanding of information security concepts, processes, controls and tools

Experience with new AI technologies (agents / agentic workflows, LLM APIs, etc)

Experience with securely implementing AI / ML architecture and platforms in the enterprise

Familiarity with AI governance and risk management frameworks (NIST AI RMF, ISO 42001)

Knowledge of regulations and standards including PCI-DSS, ISO 27001, OWASP, and NIST Cybersecurity frameworks

Wage Transparency

Pay for this position is based on location and may vary with job-related knowledge, skills, and experience. California : 128,400.00 - 200,200.00 base salary; Illinois, Colorado, Massachusetts and Minnesota : 123,800.00 - 170,225.00; Washington, Maryland, New Jersey and New York (including NYC metro area) : 123,800.00 - 176,625.00. This role is also eligible for applicable bonus and RSUs where provided.

Benefits

Paid Time Off and holidays based on region

Paid Parental Leave up to six months after birth / adoption / foster care

Health benefits plans from day one of employment

Retirement plans with employer contributions

Learning and development opportunities

Compassionate Care Leave for life-changing events

Job Designation

Hybrid : Employee splits time between in-office and remote work. In-office access is required. Frequency : minimum 2 days per week. Job designation may vary by team and business needs.

What you bring

Basic

5+ years of information security experience with GRC automation

University degree in CS, Information Systems, or related field

Certifications : CISM, CISA, CISSP, CEH, CompTIA Security+, AWS / Azure Security

Experience designing and deploying scalable automated GRC processes

Experience with Python, C#, SQL, Docker, Kubernetes

Experience integrating tooling with Azure, AWS, or GCP

Experience with data engineering and scalable reporting

Preferred

Strong cross-functional collaboration and technical leadership

Solid understanding of security concepts, controls, and tools

Experience with AI technologies and AI governance

Familiarity with PCI-DSS, ISO 27001, OWASP, NIST cyber risk frameworks

EEO and Accommodation

Equity and opportunity for all. Docusign is an Equal Opportunity Employer. Accommodation requests : accommodations@docusign.com. If you experience issues with the application process, contact taops@docusign.com. This position may be subject to state eligibility restrictions where applicable.

#J-18808-Ljbffr