Sr. Director, Security Governance, Risk and Compliance

Senior Director, Security Governance, Risk, and Compliance (Grc)

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity.

Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (clm).

As the most trusted brand in our industry, Docusign recognizes the profound importance of maintaining and enhancing customer trust in our products. Docusign's security program is vital to that trust, and this role is a critical leadership position driving our success. The senior director, security governance, risk, and compliance (grc) will be a technically proficient, business savvy leader who manages all aspects of the grc program and multiple facets of product and enterprise security.

Security grc will embed within product, technology, digital technology, and sales teams to proactively identify and reduce security risks - transforming legacy grc practices into a more contemporary, productized capability and replacing document-centric compliance with scalable security controls built directly into engineering and business workflows. The senior director, grc will tailor and implement docusign's security controls framework to protect the platform, company, and customers through a risk-based approach to security.

They will enhance engineering and development capabilities within the grc team; implement contemporary, cost-effective tools and practices to automate historically manual activities; and leverage ai and ml where appropriate to optimize efficiencies while delivering at scale and with speed while managing emerging risk and supporting product and business innovation. This position will leverage leading security frameworks like nist, iso, and bsimm as foundations for the overall security program while driving continuous improvement.

The role will ensure that security governance mechanisms and documentation are implemented and effective. The senior director will also be responsible for driving revenue growth through direct support to sales teams, managing customer security assurance, ensuring audit readiness in preparation for certification and global regulatory and customer requirements. Ultimately, the senior director will be responsible for managing grc product innovation, development, engineering, and delivery.

The role will deepen security within the platform and across the enterprise, while enhancing customer trust. They will be charged with optimizing the grc user experience - serving as the product owner for the security controls framework and security risk mitigation; ensuring policies, standards, procedures, and controls are designed for adoption, automated by default, and measured through real-time data; and driving revenue growth through grc support to the business.

This position is a people manager role reporting to the group vice president, chief information security officer.

responsibility

• lead and manage the global grc team and program, including core components: grc engineering, governance, risk, compliance, and customer security assurance
• manage a high-performing, product-driven team focused on measurable outcomes and continuous improvement. implement tailored program goals, objectives, milestones, key results, and key performance indicators to drive consistent progress and outcomes
• define and drive a multi-year product vision and roadmap for security governance, risk, and compliance (including grc engineering and development) focused on adoption and measurable risk reduction
• establish the architectural blueprint that transforms grc into a scalable product platform and service
• set vision, strategy, and leadership for how governance, risk, and compliance are engineered and automated across the company, translating requirements into a technology-driven automation strategy
• manage architecting of scalable platforms for grc automation and evidence production, while growing the team's technical skills sets and ensuring engineering and development best practices
• manage delivery and prioritization while ensuring timely delivery of grc product, engineering, and risk reduction capabilities
• maintain expertise in components and capabilities of the product ecosystem as well as company infrastructure, environments, data, and security controls
• maintain expertise in security threats, trends, technologies, and industry best practices (existing and emerging)
• serve as a trusted leader/advisor to the ciso, other executives, and teams – translating technical risk into business impact, providing clear updates,…