Job Specifications
Company Overview
Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).
What you'll do
The Senior Manager, GRC Engineering will define and execute the strategy for GRC automation, data pipelines, and analytics, enabling a scalable, technology-driven governance model. This role leads the engineering function that powers GRC capabilities, including evidence automation, policy exception workflows, dashboard creation, metrics pipelines, and platform integrations.
Partnering closely with Product, Technology Engineering, Data and Security teams, you will establish modern, automated, and data-driven processes to strengthen the security and compliance posture of the organization.
This position is a people manager role reporting to the Senior Director of Security Governance, Risk Management and Compliance (GRC).
Responsibility
Define the strategic roadmap for GRC engineering, automation, and analytics capabilities
Build, lead, and mentor a team of GRC engineers and platform specialists
Provide technical leadership - reviewing integrations, scripts, pipelines, configurations, and platform builds - for the GRC Engineering team
Lead the design and implementation of scalable evidence collection systems, metrics pipelines, compliance workflows, and policy exception processes
Integrate GRC systems with cloud and SaaS environments to enable automated evidence collection, continuous control monitoring, and compliance-by-design
Partner with GRC, Security, Engineering and Information Technology teams to align engineering-driven GRC solutions to business and regulatory priorities
Drive the adoption of self-service automation for evidence submission, exceptions, and compliance reporting
Embed security control validation into CI/CD pipelines and engineering workflows
Explore AI/ML capabilities for risk scoring, document summarization, and control classification
Develop dashboards, KPIs, KRIs, and reporting logic to measure security compliance, risk, and control effectiveness across all environments and products
Provide thought leadership on automation-first GRC strategy and continuously evaluate emerging technologies, tools, and frameworks
Oversee workflows, connectors, and automations built in GRC and Engineering platforms such as ServiceNow IRM, LogicGate, OneTrust, Jira and others
Establish a consistent metrics pipeline to enable data-driven decision-making by executives and security leadership
Partner with engineering and analytics teams to leverage platforms such as Tableau, Power BI, or Looker for visualization and reporting
Act as the bridge between GRC, Internal Audit, Engineering and Security ensuring strong integration across teams
Collaborate with DevSecOps engineers to embed security control validation into CI/CD pipelines and engineering workflows
Partner with AI/ML-focused engineers to leverage emerging capabilities for risk scoring, document summarization, and control classification
Set performance goals, foster technical excellence, and build a high-performing engineering culture within GRC
Influence resource allocation, priorities, and staffing plans to support evolving GRC and security objectives
Job Designation
Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)
Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.
What you bring
Basic
8+ years of experience in information security, GRC, or security engineering, with 5+ years in a leadership role
Bachelor’s or Master's degree in Computer Science, Computer Engineering, Software Engineering
Relevant certifications such as CISM, CISSP, CCSP, or equivalent
Experience building GRC engineering capabilities, including automation, evidence connectors, dashboards, and policy workflows
Experience with GRC platforms (e.g., ServiceNow GRC, LogicGate, OneTrust) and their integrations into enterprise environments
Experience with modern cloud and SaaS security models (AWS, GCP, Azure) and evidence automation using APIs/SDKs
Experience with