Senior Security Compliance Manager

What you’ll do

The Senior Security Compliance Manager is responsible for maintaining and managing new and ongoing Docusign security commercial certification audits and self-assessments. These include but are not limited to ISO 27001, 27017, 27018, PCI‑DSS 4.0, IRAP, APEC PRP, C5, ISMAP, FISC, SIG, and CSA STAR, etc. The role builds scalable and efficient processes related to supporting the APAC region and overall security compliance programs, working closely with the Compliance team in the United States.

The manager will monitor the security compliance landscape to identify which standards and certifications are relevant for the APAC region and translate them into program actions such as performing gap analysis, remediations, and controls effectiveness testing.

The successful candidate has auditing experience, technical expertise, and information security knowledge to plan, execute and deliver on existing and strategic new Security Compliance certifications. The manager will drive the cross‑functional work necessary to ensure the implementation of the management, operational and technical security controls required to be compliant with all applicable regulations and security compliance standards. They will work in close collaboration with all control owners, Product and Engineering, IT, Security, US Public Sector Compliance, Legal Product and Regulatory Compliance.

The position is an individual contributor role reporting to the Director, Security Compliance.

• Aanalyze the security compliance landscape continuously to identify which standards and certifications are relevant for the APAC region and translate requirements into program actions such as performing gap analysis, remediations, and controls effectiveness testing.
• Lead end‑to‑end ANZ IRAP technical compliance with external auditors and ANZ government agencies and monitor compliance annually;
  This includes mapping IRAP controls to cloud‑native architectures, automating evidence collection, and embedding IRAP requirements into Docusign security controls framework.
• Perform security requirements mappings and develop or enhance controls to meet additional requirements;
  This also includes documentation of Evidence Requirements and Supplemental Guidance to support Security GRC programs and socialize to Control Owners.
• Maintain technical experience and knowledge in Security Domains such as Logging and Detections, and Configuration Management, Vulnerability Management, and Network Security.
• Implement the use of technical controls and/or AI across security audit, certification, and compliance activities to streamline processes such as evidence automation.
• Identify automation opportunities and implement scalable solutions including technical and monitoring controls that integrate seamlessly with systems such as GRC platforms, cloud services, and various ticketing tools.
• Manage and optimize security compliance audits and assessments including customer audits independently end‑to‑end while adhering to strict deadlines and maintaining executive level metrics and reporting.
• Partner with engineering and product teams to embed compliance into the system design, architect, and operationalize technical solutions to reduce audit fatigue and streamline compliance team operations using tooling and AI.
• Define and publish technical security and compliance requirements and controls guidance utilizing technology and/or AI to empower control owners and obtain actionable commitment from relevant stakeholders.

Hybrid: Employee divides their time between in‑office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in‑office expectation)

• Experience with Security Compliance frameworks such as ANZ IRAP, Italy ACN, UK Cyber Essentials, and AI Standards such as ISO 42001 and NIST AI RMF.
• Experience in supporting compliance automation.
• Experience with cloud infrastructure (Azure, AWS, GCP) and SaaS technology.
• Bachelor’s degree in Computer Science, Information Systems, or a related field or equivalent work experience.
• 8+ years of relevant work experience in…