IT, InfoSec, Cyber Risk & Business Operations | San Francisco, California
Our agreement with employees
DocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what's right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you'll be loved by us, our customers, and the world in which we live.
Our IT, InfoSec, Cyber Risk & Business Ops team is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that strive to deliver an exceptional experience for our internal & external customers. We embrace agile principles and values, favor DevOps practices, and view infrastructure as code, all while creating an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team that can identify, investigate, and implement new technologies in the cloud and continue securely scaling our global business.
The Compliance Manager is part of a team responsible for advocating, monitoring, and enforcing compliance through controls, policies, standards, and procedures. In this role, you will be working with senior leaders within Sales, Customer Success, Legal, Operations, and Engineering teams to achieve and maintain DocuSign's compliance with various programs.
This role will be responsible for driving our current compliance efforts, updating existing controls, managing third-party auditors, and maintaining our compliance certifications. This role also interfaces with customers, prospects, and partners by attending meetings with our Sales teams and helping our Compliance Trust Services team address technical and compliance topics from requests for proposals or security questionnaires. Lastly, periodic travel is required, as is after-hours duty on an as-needed basis.
Along with the above responsibilities, this role requires direct experience in the management of ISO (27001, 27017, 27018 and 27701), PCI, FedRAMP and DoD programs.
This position is an Individual Contributor and reports to the Director of Compliance.
Develop technical knowledge of DocuSign solutions and the operational processes in place to support the ISO, PCI, FedRAMP and DoD programs
Delve into the DocuSign environment and develop a deep understanding of control implementations
Review and provide input on technical plans for product architecture, product enhancements and operational improvements to support the business from a compliance perspective
Partner with Sales to communicate the DocuSign compliance posture with customers and prospects
Guide control owners in documenting control activities and confirm readiness of controls for audit
Liaise with auditors and coordinate audit engagements with control owners throughout the organization
Create and maintain documentation related to controls, policies, standards, and procedures
Manage audits from third-party assessment organizations or customer auditors
Stay informed on changes to the ISO, PCI, FedRAMP and DoD programs and assess impacts to existing control environment
Prepare documentation and training materials to support the education of compliance requirements throughout the organization
Additional responsibilities and tasks as required and assigned
Bachelor's degree or higher in a relevant field or related work experience
Minimum of 8 years of related experience with a Bachelor's
Background in internal or external audit engagements
Experience with cloud service providers
Solid knowledge of SaaS and security concepts
Interest and desire to obtain CISSP, CISA, or other globally-recognized security, compliance, or audit certifications
Awareness of people versus technology as security factors
Experience in project or program management
Passion for information security, governance, risk, and compliance
Good analytical and communication skills
Self-sufficient to manage and prioritize workload
Ability to maintain composure in critical situations
Focus on customer satisfaction to win our customers' continued business and loyalty
Strong attention to detail
Ability to travel as needed
DocuSign helps organizations connect and automate how they prepare, sign, act on, and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature: the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, hundreds of thousands of customers and hundreds of millions of users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people's lives. Plus, we save more trees together! And that's a good thing.
DocuSign is an Equal Opportunity Employer. DocuSign is committed to building a diverse team of talented individuals who bring different perspectives to the business and who feel a sense of inclusion and belonging when they join our team. Individuals seeking employment at DocuSign are considered without regard to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other legally protected category.