Sr. Security Manager, Public Sector

Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business‑critical data that is trapped inside of documents.

The Information System Security Officer (ISSO) or Security Manager is a technical individual contributor role. Acting as the primary subject matter expert for the Assessment and Authorization (A&A) process across Docusign's Public Sector Products, you will lead initiatives to develop and implement effective compliance solutions and rigorously assess risk. You will collaborate across the organization to translate high‑level compliance requirements into actionable technical specifications, ensuring that Docusign’s Public Sector offerings remain secure and fully authorized for government agencies.

• Drive the full lifecycle from system categorization to receiving formal ATO for Federal and DoD information systems.
• Develop and maintain Assessment and Authorization artifacts, including the System Security Plan (SSP), Security Assessment Plan (SAP), and all Appendix Plans.
• Ensure all ATO package deliverables are audit‑ready and align with NIST FedRAMP Special Publications, CNSSI 1253, and the DoD Cloud SRG.
• Lead mature security reviews across core products, microservices, and native cloud environments with high‑fidelity artifacts and evidence.
• Maintain and help mature the risk management process using NIST 800‑30 or 800‑37 to ensure compliance and proactive risk reduction.
• Improve risk visibility by integrating data from multiple manual or automated assessments and internal audits.
• Develop playbooks and procedures to support technical teams in executing compliance initiatives.
• Present risk in regulatory, business, or cybersecurity context to align with Executive Leadership guidance.
• Maintain and deliver timely Continuous Monitoring (Con Mon) and remediation strategies.
• Collaborate with security teams to operationalize new capabilities that support risk reduction and remediation actions.
• Work with Prod or Dev, Sec Architecture, and Infrastructure teams to mitigate systemic vulnerabilities and operationalize known security gaps.
• Drive the remediation of vulnerabilities, ensuring the Plan of Action and Milestones (POA and M) is accurate and reported monthly.
• Implement mandatory actions from CISA Emergency Directives and DoD IAVM alerts.
• Drive strategic collaboration and product enablement to ensure timely internal security reviews of new products and features prior to deployment.
• Partner with product and infrastructure teams to align work streams and assess security solutions for US public sector requirements.
• Serve as the lead for responding to complex customer security questionnaires and providing guidance for FedRAMP, State
  
  RAMP, and DoD SRG milestones.
• Join high‑level briefings to explain security posture and compliance inheritance to prospective Government clients.

• BA or BS degree or equivalent work experience.
• 8+ years of experience with security controls and compliance related to NIST and FedRAMP.
• Experience with risk management frameworks, including risk ratings and contextualization of data (e.g., CVSS, CVE, NVD, NIST, DoD SRG).
• Experience automating audit evidence collection across security and compliance frameworks (e.g., FedRAMP, NIST 800‑53).
• Experience with compliance and assessment of cloud native platforms and services (data warehouse, service mesh, container images, and microservices orchestration).
• DoD 8140 or 8570 baseline certification (e.g., Sec+, CISSP, CISM, or CASP+).
• Clearance:
  Must be able to pass a Public Trust or Tier 3 Background Investigation.
• Experience with NIST SP 800‑53 and the Risk Management Process.
• Experience leading through influence, building trust with stakeholders across a remote, global organization.

• Experience creating and utilizing reports from security monitoring tools such as Tenable, Sysdig, Splunk, Windows Defender, or Sentinel Log Analytics.
• Experience driving audit‑ready requirements for…