Sr. Director, Security Governance, Risk and Compliance

Sr. Director, Security Governance, Risk and Compliance FlightSafety International Inc - Seattle, WA

Posted: 6/2/2026 - Expires: 8/31/2026

Job ID: 293457378

Apply Now I have already applied Save Job Print Email Share

Job Description

Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What you'll do

As the most trusted brand in our industry, Docusign recognizes the profound importance of maintaining and enhancing customer trust in our products. Docusign's security program is vital to that trust, and this role is a critical leadership position driving our success. The Senior Director, Security Governance, Risk, and Compliance (GRC) will be a technically proficient, business savvy leader who manages all aspects of the GRC program and multiple facets of product and enterprise security. Security GRC will embed within Product, Technology, Digital Technology, and Sales teams to proactively identify and reduce security risks - transforming legacy GRC practices into a more contemporary, productized capability and replacing document-centric compliance with scalable security controls built directly into engineering and business workflows. The Senior Director, GRC will tailor and implement Docusign's security controls framework to protect the platform, company, and customers through a risk-based approach to security. They will enhance engineering and development capabilities within the GRC team; implement contemporary, cost-effective tools and practices to automate historically manual activities; and leverage AI and ML where appropriate to optimize efficiencies while delivering at scale and with speed while managing emerging risk and supporting product and business innovation. This position will leverage leading security frameworks like NIST, ISO, and BSIMM as foundations for the overall security program while driving continuous improvement. The role will ensure that security governance mechanisms and documentation are implemented and effective. The Senior Director will also be responsible for driving revenue growth through direct support to Sales teams, managing customer security assurance, ensuring audit readiness in preparation for certification and global regulatory and customer requirements. Ultimately, the Senior Director will be responsible for managing GRC product innovation, development, engineering, and delivery. The role will deepen security within the platform and across the enterprise, while enhancing customer trust. They will be charged with optimizing the GRC user experience - serving as the product owner for the security controls framework and security risk mitigation; ensuring policies, standards, procedures, and controls are designed for adoption, automated by default, and measured through real-time data; and driving revenue growth through GRC support to the business.

This position is a people manager role reporting to the

Group Vice President, Chief Information Security Officer

.

Responsibility

• Lead and manage the global GRC team and program, including core components: GRC engineering, governance, risk, compliance, and customer security assurance
• Manage a high-performing, product-driven team focused on measurable outcomes and continuous improvement. Implement tailored program goals, objectives, milestones, key results, and key performance indicators to drive consistent progress and outcomes
• Define and drive a multi-year product vision and roadmap for security governance, risk, and compliance (including GRC engineering and development) focused on adoption and measurable risk reduction
• Establish the architectural blueprint that transforms GRC into a scalable product platform and service
• Set vision, strategy, and leadership for how governance, risk, and compliance are engineered and automated across the company, translating requirements into a technology-driven automation strategy
• Manage architecting of scalable platforms for GRC automation and evidence production, while growing the team's technical skills sets and ensuring engineering and development best practices
• Manage delivery and prioritization while ensuring timely delivery of GRC product, engineering, and risk reduction capabilities
• Maintain expertise in components and capabilities of the product ecosystem as well as company infrastructure, environments, data, and security controls
• Maintain expertise in security threats, trends, technologies, and industry best practices (existing and emerging)
• Serve as a trusted leader/advisor to the CISO, other executives, and teams - translating technical risk into business impact, providing clear updates, trade-offs, and advice
• Manage collaboration and effective relationships with cross-functional teams to ensure frictionless security and paved path approaches with leadership across the business
• Manage the GRC budget and resourcing
• Ensure security practices and controls meet internal security policy and standards, industry frameworks, and regulatory and customer requirements
• Implement contemporary tooling and automation to optimize insights, efficiency, and efficacy while enhancing technical security rigor
• Contribute to technical requirements, architectural design and modification documents, and educational resources
• Serve as a senior escalation point for complex or high risk security issues; drive architectural, process, and implementation improvements from lessons learned
• Implement the GRC strategy for using AI across GRC teams and responsibilities; maintain a high level of individual proficiency in using AI to perform daily and longer term tasks
• Manage and continuously improve the company-wide Docusign security controls framework, ensuring controls are appropriately tailored and effective across all domains
• Manage compliance requirements relevant to modern software development, enterprise security, and trust and safety protections against platform abuse
• Serve as Security's primary liaison between technical teams and regulatory/audit bodies
• Work closely with third-parties on assessments, audits, attestations, and in shaping security programs, roadmaps, and deliverables

Job Designation

Hybrid:

Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

What you bring

Basic

• 15+ years' working experience in Security GRC, Product Security, Application Security, Engineering, Trust and Safety or closely related security and engineering disciplines, with 8+ years in technical leadership roles
• Bachelor's degree in computer science, data science, artificial intelligence, machine learning, cybersecurity, risk management, or a related technical field
• Experience designing and leading security programs, including but not limited to security risk management, governance (especially under NIST, ISO, and FedRAMP frameworks), compliance, engineering/secure development, customer security assurance, product security, enterprise security, and trust and safety
• Experience with NIST CSF, NIST SDF, NIST AI RMF, ISO 27001, SOC, BSIMM, IL5, FedRAMP High, and other, more narrowly tailored or geographically focused security frameworks
• Experience driving automation strategies, predictive analytics, and data-driven insights
• Experience in implementing or improving security tools where they previously did not exist, did not perform to expectations, and/or better options emerged (e.g., workflow tools, case management systems, agents developed and trained to meet mission)
• Experience designing and embedding security controls across the business, plus validating efficacy
• Experience defining security KPIs, metrics pipelines, and executive reporting frameworks
• Experience with cross-functional collaboration and stakeholder engagement across technical and business relationships, especially with Product, Technology, Digital Technology, Sales, Security, and executive teams

Preferred

Job Summary

Veteran Preference

Company Details Company FlightSafety International Inc Industry Computer Systems Design Services Job Information Location Seattle, WA Website Job Type Full Time Employee Experience 10+ to 15 Years Education Level Bachelor's degree Job Position 1 Position(s) Open Duration Over 150 Days Additional Information Federal Contractor Yes Affirmative Action Plan No View More Jobs All FlightSafety International Inc jobs View similar jobs All Seattle, WA jobs