Job Details

Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business‑critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e‑signature and CLM.

Position Overview

We are hiring a Security Risk Product Manager to drive the design and delivery of security risk quantification and testing capabilities, combining product ownership, risk analytics, and technical execution.

Responsibilities

• Drive the product roadmap for security risk quantification and testing enablement
• Act as a risk product owner in agile ceremonies: prioritize backlogs, define user stories, and ensure delivery against roadmap commitments
• Collaborate with GRC Engineering to design and deliver risk-scoring engines, automation workflows, dashboards, and integration points across systems (e.g., ServiceNow IRM, Power BI)
• Partner with engineering, product security, architecture teams to embed quantifiable risk testing principles across all technology development such as products, APIs, environments and cloud services
• Build and maintain relevant dashboards to report on risk scenarios and control performance metrics
• Integrate quantifiable risk outputs and testing data into executive security risk reporting
• Assess and quantify security risks across APIs and system integrations, ensuring testing coverage and risk scoring reflect exposure across interconnected services

Qualifications

Basic

• 5+ years of experience in security risk management, security product management, risk analytics or SaaS/API security and integrations risk
• Bachelor's degree in Information Security, Information Systems, Computer Science, or related field
• Experience with security frameworks (NIST CSF, ISO 27001/27005, SOC 2, FedRAMP) and quantification methodologies (FAIR or similar)
• Experience with quantitative risk techniques (e.g., FAIR, Monte Carlo simulation) or control telemetry data pipelines
• Experience with GRC platforms (ServiceNow IRM) and data analytics tools (Power BI, Looker, Tableau)
• Experience conducting security risk assessments and technical reviews
• Experience with SaaS, APIs, cloud services and shared responsibility models

Preferred

• Strong cross‑functional communication skills, able to translate technical risks into business impact and vice versa
• Analytical and structured thinker with comfort managing data‑driven initiatives and automation programs
• Professional certifications such as CRISC, FAIR or CISSP
• Demonstrated ability to prioritize features, manage competing requirements, and deliver iterative product releases in collaboration with engineering and design partners
• Experience preparing risk insights to senior leadership

Benefits

• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life‑changing events

Equal Opportunity Employer

Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can‑do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.

Accommodation: Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at ...@docusign.com.