Security Risk Analyst
IT, InfoSec, Cyber Risk & Business Operations | Seattle, Washington
Our agreement with employees
DocuSign is committed to building trust and making the world more agree-able for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what's right, every day.
At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it.
And for that, you'll be loved by us, our customers, and the world in which we live.
Our IT, InfoSec, Cyber Risk & Business Ops team is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers. We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision.
This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.
Our Information Security Team is seeking a passionate, customer-focused, and eager security professional to join our team. This is a unique opportunity to work on and own every aspect of security for a best-in-class, cloud-based platform on which DocuSign, customer, and partner applications run. In this dynamic and fast-paced role, as Security Risk Analyst you will be responsible for driving risk treatment across all business lines of the company.
Your background in numerous information security and cyber security domains will allow you to contribute to helping the business manage its risks. Your experience in the risk space will enable you to build and foster relationships and to teach others how to manage risk. Your demonstrated ability to communicate complex security topics to technical, business, and executive audiences will shape how we protect DocuSign's employees, customers, and brand in the face of cyber threats.
You will also have a secondary responsibility to assess designs, architectures, and processes. This is a fantastic opportunity to join a team who live and breathe information security and to work for a company with security in its DNA.
This position reports to the Senior Director of Information Security.
Act as Information Security Risk leader, consultant and advisor to all DocuSign business lines.
Communicate Information Security Risk through documentation, conversation, and presentations with an objective of driving awareness and informed decision making.
Evangelize and mentor internal audiences on information security principles and risk management.
Build, enhance, and document processes to facilitate more efficient engagement with, utilization of, and incorporation into existing Information Security programs and capabilities.
Assist in presenting various aspects of the information security risk management program to customers, prospects, auditors, and internal teams.
Perform or assist with threat models, risk assessments, security reviews, vulnerability management, compliance audits, and/or control frameworks.
Assess technical designs, project plans, and proposed initiatives against our security principles; and work to ensure they are addressed with minimal business impact, and that risk is identified and documented.
Develop and document information security standards, guidelines, and tools that enable business and systems owners to apply good security in their environments.
Help maintain, manage, and constantly improve DocuSign's Risk Management process.
5+ years of industry experience in Audit, Compliance, Regulatory or Risk and driving technology risk management processes, methodologies and tools.
3+ years of experience in technical program management, project management, or similar business experience.
2+ years of IT industry experience at enterprise scale.
Bachelor's degree in Management Information Systems, Computer Science or related field.
Security Engineering background or experience.
Experience with global technology implementation efforts and rollouts in large organizations.
Demonstrated knowledge of risk management methods, standards, processes, governance models, and industry-standard risk analysis approaches.
Have planned and maintained multiple parallel projects, and are open to new ideas.
Excellent written and verbal communication skills.
Handles multiple competing priorities in a fast-paced, deadline-driven environment.
Demonstrated ability to deal with ambiguity in a rapidly changing business environment.
Ability to exercise sound judgement, problem solve, and make decisions in complex situations.
Skilled in business risk analysis and making technical trade-offs between short versus long-term security and business goals.
Proven ability to take ownership, self-motivate, and deliver results in highly ambiguous environments.
CISSP, CISM, CISA or similar professional certification.
DocuSign helps organizations connect and automate how they prepare, sign, act on, and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature: the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time.
Today, hundreds of thousands of customers and hundreds of millions of users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people's lives. Plus, we save more trees together! And that's a good thing.
DocuSign is an Equal Opportunity Employer.
DocuSign is committed to building a diverse team of talented individuals who bring different perspectives to the business and who feel a sense of inclusion and belonging when they join our team. Individuals seeking employment at DocuSign are considered without regard to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other legally protected category.