Director, Security Product Risk Management

Director, Security Product Risk Management

Company Overview : Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What You'll Do : The Director, Security Product Risk Management is a strategic and product-focused leader responsible for building and leading a modern, automation-driven, data-informed security risk program that enables the organization to manage risk effectively and at scale. You will lead the design, delivery, and evolution of the security risk management program, ensuring risks are identified, quantified, prioritized, and communicated in business-relevant terms. As the security product owner for Risk, this role is also responsible for setting the vision, roadmap, and priorities for risk analytics, risk automation (data collection and analysis for risk assessments), and continuous monitoring. You'll partner with engineering, product, GRC engineering, cyber defense, compliance, procurement, and business stakeholders to embed risk awareness, automation, and data-driven insights into systems, processes, and their decision-making. This is position is a people manager role reporting to the Senior Director of Security Governance, Risk Management and Compliance (GRC).

Responsibilities :

• Lead and mentor a team of risk managers, risk product managers, and risk analysts
• Build a high-performing, product-driven team focused on measurable outcomes and continuous improvement
• Define, deliver, and continuously evolve security risk management enterprise-wide
• Establish frameworks and processes for risk identification, assessment, prioritization, and reporting
• Drive adoption of quantitative risk methodologies (e.g., FAIR) and data-driven decision-making
• Lead security risk reviews across products, services, and infrastructure to enable faster, risk-informed choices
• Define KPIs, KRIs, and executive-level reporting to measure control effectiveness and risk posture
• Drive user adoption and operational efficiency through automation-first workflows across risk intake and reporting
• Act as the bridge between technical risks and business priorities, ensuring stakeholders have actionable insights
• Leverage predictive analytics and automation to prioritize risks based on potential business impact
• Deliver executive-ready reporting to senior security leadership and cross-functional stakeholders
• Partner closely with engineering to build real-time dashboards and centralized risk data pipelines, and to deliver risk automation capabilities and technical integrations
• Expand third party risk scope to include strategic partners, alliances, joint-service providers and developer ecosystem
• Oversee technical integration reviews for SaaS, APIs, infrastructure connectivity, and data flows
• Build and maintain a fourth-party dependency framework to manage cascading risks
• Use attack surface monitoring, supply chain security platforms, and threat intelligence feeds to continuously track ecosystem exposure
• Partner with engineering, product, cyber defense, compliance, procurement, and legal teams to integrate risk management into business processes
• Collaborate with customer-facing security teams to support security assurance activities where required

Job Designation : Hybrid : Employee divides their time between in-office and remote work. Access