Sr. Director, Security Governance, Risk and Compliance

About The Position

Requirements

• 15+ years' working experience in Security GRC, Product Security, Application Security, Engineering, Trust and Safety or closely related security and engineering disciplines, with 8+ years in technical leadership roles
• Bachelor's degree in computer science, data science, artificial intelligence, machine learning, cybersecurity, risk management, or a related technical field
• Experience designing and leading security programs, including but not limited to security risk management, governance (especially under NIST, ISO, and FedRAMP frameworks), compliance, engineering/secure development, customer security assurance, product security, enterprise security, and trust and safety
• Experience with NIST CSF, NIST SDF, NIST AI RMF, ISO 27001, SOC, BSIMM, IL5, FedRAMP High, and other, more narrowly tailored or geographically focused security frameworks
• Experience driving automation strategies, predictive analytics, and data-driven insights
• Experience in implementing or improving security tools where they previously did not exist, did not perform to expectations, and/or better options emerged (e.g., workflow tools, case management systems, agents developed and trained to meet mission)
• Experience designing and embedding security controls across the business, plus validating efficacy
• Experience defining security KPIs, metrics pipelines, and executive reporting frameworks
• Experience with cross-functional collaboration and stakeholder engagement across technical and business relationships, especially with Product, Technology, Digital Technology, Sales, Security, and executive teams
• Extensive technical knowledge, including network infrastructure, automated workflows, secure coding practices, cryptography basics, threat modeling, and data systems architecture
• Strong experience with project management that includes a track record of success

Nice To Haves

• Master's degree or higher
• Deeply technical with strong strategic vision, tactical acumen, excellence in execution
• Forward looking and acting with the ability to understand and address current and future threats and business requirements exceedingly well and manage products and their team to suit
• Growth and product mindset; oriented to action and delivery; professional teammate
• Excellent leadership, communications, and presentation skills
• Certifications: CISSP, CCISO, CISM, CRISC, CGRC, CCSP, CSSLP, GSLC, GSEC, or equivalent
• Substantial experience in implementing best practices and compliance obligations for AI product security and AI enterprise security
• Demonstrated experience with modern security frameworks applied to cloud-native environments and SaaS products
• Experience embedding GRC requirements into CI/CD pipelines (shift-left security)

Responsibilities

• Lead and manage the global GRC team and program, including core components: GRC engineering, governance, risk, compliance, and customer security assurance
• Manage a high-performing, product-driven team focused on measurable outcomes and continuous improvement.
• Implement tailored program goals, objectives, milestones, key results, and key performance indicators to drive consistent progress and outcomes
• Define and drive a multi-year product vision and roadmap for security governance, risk, and compliance (including GRC engineering and development) focused on adoption and measurable risk reduction
• Establish the architectural blueprint that transforms GRC into a scalable product platform and service
• Set vision, strategy, and leadership for how governance, risk, and compliance are engineered and automated across the company, translating requirements into a technology-driven automation strategy
• Manage architecting of scalable platforms for GRC automation and evidence production, while growing the team's technical skills sets and ensuring engineering and development best practices
• Manage delivery and prioritization while ensuring timely delivery of GRC product, engineering, and risk reduction capabilities
• Maintain expertise in components and capabilities of the product ecosystem as well as company infrastructure, environments, data, and security controls
• Maintain expertise in security threats, trends, technologies, and industry best practices (existing and emerging)
• Serve as a trusted leader/advisor to the CISO, other executives, and teams – translating technical risk into business impact, providing clear updates, trade-offs, and advice
• Manage collaboration and effective relationships with cross-functional teams to ensure frictionless security and paved path approaches with leadership across the business
• Manage the GRC budget and resourcing
• Ensure security practices and controls meet internal security policy and standards, industry frameworks, and regulatory and customer requirements
• Implement contemporary tooling and automation to optimize insights, efficiency, and efficacy while enhancing technical security rigor
• Contribute to technical requirements, architectural design and modification documents, and educational resources
• Serve as a senior escalation point for complex or high risk security issues; drive architectural, process, and implementation improvements from lessons learned
• Implement the GRC strategy for using AI across GRC teams and responsibilities; maintain a high level of individual proficiency in using AI to perform daily and longer term tasks
• Manage and continuously improve the company-wide Docusign security controls framework, ensuring controls are appropriately tailored and effective across all domains
• Manage compliance requirements relevant to modern software development, enterprise security, and trust and safety protections against platform abuse
• Serve as Security's primary liaison between technical teams and regulatory/audit bodies
• Work closely with third-parties on assessments, audits, attestations, and in shaping security programs, roadmaps, and deliverables

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Global benefits provide options for the following: Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events