Sr. Manager, Security Third Party Risk Product ...
FlightSafety International Inc - Seattle, WA
Job Description
Company Overview
Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What you'll do
Docusign is hiring a Senior Manager, Security Third-Party Risk Product Management (TPRM) to define and lead our enterprise-wide vendor, partner, and ecosystem security risk program. This role is accountable for shaping TPRM as a product while combining strategic vision with hands-on execution, and it requires close partnership with leaders across Security, GRC, Legal, Compliance, Finance, and Procurement.

You will oversee security risks across vendors, SaaS integrations, APIs, joint-service providers, and supply chain dependencies, while leading the transformation of the TPRM function from periodic questionnaires to a continuous, automation-enabled monitoring model.
You will also expand visibility into fourth-party dependencies and work with engineering, architecture, and procurement teams to manage technical, operational, and contractual risks at scale.

This position is a people manager role reporting to the Director of Security Product Risk Management.

Responsibility
- Define and drive the TPRM roadmap and strategy - evolving the program into a scalable, productized capability
- Lead, mentor, and grow a high-performing Third-Party Risk Management team responsible for driving third-party risk assessments, continuous monitoring and incident support
- Partner with GRC Engineering to design and integrate automation and continuous monitoring tools (e.g., BitSight, SecurityScorecard) into third-party workflows
- Embed security risk requirements into procurement, legal and contracting processes
- Oversee technical integration reviews for SaaS, APIs, cloud platforms, and data-sharing workflows
- Ensure fourth-party and ecosystem dependency risks are incorporated into TPRM processes
- Develop insights, dashboards and reporting that provide executive visibility into vendor, fourth-party and ecosystem risk
- Partner with Product Security, Vulnerability Management and Incident Response to ensure vendor-related vulnerabilities and incidents are effectively resolved
- Represent TPRM as a product and capability to leadership, customers, and stakeholders

Job Designation
Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign.
Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

What you bring
Basic
- 8+ years of experience in third-party/vendor security risk management, supply chain risk, security or GRC
- Demonstrated people management experience of 5+ years with a track record of leading and developing risk management teams
- Bachelor's or Master's degree in Information Security, Risk Management, Analytics, or related field
- Experience with TPRM methodologies, frameworks, and regulations (e.g., SIG, CSA, ISO 27036, NIST 800-161, DORA)
- Experience with managing risks associated wit
Created: 2025-10-10