Role Description Docusign is seeking a skilled and adaptable attorney as a member of the Commercial, Growth, and Trust team, focusing on cybersecurity, to help us support Docusign's mission of providing unmatched confidence and dependability in keeping its customers' data secure. Reporting into our Vice President and Deputy General Counsel, Commercial, Growth and Trust, you will support a best-in-class cybersecurity legal function and be at the forefront of cybersecurity and data protection issues. If you're ready to take on the challenge of shaping the future of cybersecurity in a leading technology company, we want to hear from you. This position is an individual contributor role reporting to the Vice President and Deputy General Counsel, Commercial, Growth and Trust. Responsibilities - Provide expert legal advice to cross-functional teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations. - Provide legal guidance on regulatory, third-party, and internal security audits, and participate in cross-functional workstreams to scope and perform periodic security hygiene assessments, mitigation, and remediation. - Help enhance Docusign's data governance posture, including operations and documentation, employee training and security obligations, promoting a culture of awareness and compliance throughout the organization, policy monitoring, audit, and enforcement, and third-party risk assessments. - Collaborate with the global legal team to align security and data practices across the company, ensuring a unified approach to data protection. - Support building and improving holistic incident detection and response processes. - Provide support and counsel during cybersecurity-related investigations and the response to data incidents, including incident notification and mitigation strategies, to minimize impact and maintain customer trust. - Remain up-to-date on relevant data security laws and regulations, industry approaches to data governance program management, and on data compliance and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues. - Help support thought leadership, prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations. - Support global AI governance, helping the business teams continue responsible innovation efforts. Qualifications - Juris Doctorate Degree, or equivalent international degree. - Active membership in at least one state bar. - 12+ years of experience as a practicing attorney in a law firm, government agency, or in-house legal team, with a substantial number of those years focused on cybersecurity and incident response. - Experience providing guidance (and teaming with others) to advise on best practices for complying with global privacy and cybersecurity laws and regulations. Requirements - Strategic vision and ability to spot issues, clearly and concisely communicating complex legal issues to a variety of legal and non-legal partners across the company. - Experience negotiating, drafting, and updating documents and policies. - Excellent attention to detail and organizational skills. Skilled at managing multiple priorities in a fast-paced business and tech-forward environment. - Strong communication and interpersonal skills, with the ability to collaborate effectively with different teams and stakeholders. - Ability to work calmly with a sense of urgency while prioritizing competing interests. - Ability to work independently, and as part of a team, with members across multiple offices in a fast-paced environment. - A client-first mentality. - Demonstrated ability to maintain strong working relationships with a variety of internal clients. Benefits - Paid Time Off: earned time off, as well as paid company holidays based on region. - Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement. - Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment. - Retirement Plans: select retirement and pension programs with potential for employer contributions. - Learning and Development: options for coaching, online courses and education reimbursements. - Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events.

• Lead the enterprise Cybersecurity Governance Program • Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting • Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations • Track cybersecurity initiatives, remediation activities, and strategic priorities • Drive accountability for cybersecurity performance across the organization • Lead enterprise cyber risk identification, assessment, reporting, and remediation programs • Maintain cybersecurity risk registers and risk treatment plans • Facilitate risk reviews with business and technology stakeholders • Present cybersecurity risk posture to senior leadership • Own cybersecurity policies, standards, procedures, and governance frameworks • Ensure alignment with industry standards and regulatory requirements • Maintain governance processes supporting cybersecurity decision-making • Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements • Coordinate internal and external audits • Manage remediation efforts resulting from audit findings and assessments • Maintain cybersecurity control documentation and evidence repositories • Lead Supplier Information Security Requirement (SISR) governance and oversight • Manage third-party cybersecurity risk assessments and monitoring • Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance • Lead enterprise cybersecurity awareness, training, and phishing simulation programs • Establish metrics to measure effectiveness and maturity • Drive continuous improvement of employee cybersecurity culture • Provide governance oversight of various security assurance and testing programs • Ensure testing results are tracked, reported, and remediated appropriately • Lead and develop cybersecurity governance personnel and contractors • Manage vendor and consulting relationships supporting GRC activities • Establish goals, objectives, and performance measures for the organization • Build a scalable governance function supporting DIRECTV's cybersecurity strategy.

• Develop security analysis and risk assessment skills by working closely with technical and non-technical stakeholders to identify, analyse, and document security risks and controls. • Assist in identifying and assessing security vulnerabilities across systems, applications, and cloud environments. • Support penetration testing activities and security testing processes to identify weaknesses and improve system resilience. • Contribute to cloud and network security tasks including configuration review, monitoring, and risk identification. • Assist in implementing and reviewing security controls such as IAM, access management, logging, and monitoring. • Support development and review of security policies, standards, and governance frameworks. • Participate in security research projects related to privacy, AI security, and emerging cyber risks. • Assist in documenting findings, risks, mitigation strategies, and technical recommendations. • Collaborate within an Agile environment with engineering, infrastructure, and technical teams.

• Drive the global GTM strategy and execution of the Cybersecurity business at Databricks. • Play a pivotal role in accelerating cyber revenue growth by building scalable assets for the field, designing enablement programs, and driving key partnerships. • Set a clear GTM vision for Cybersecurity, work with a cross-functional team, and focus on execution of scalable sales programs. • Build a clear business plan for Cybersecurity that drives alignment across sales, industry vertical leaders, enablement, partner management, marketing, field engineering, sales programs, and other key stakeholders. • Identify and foster new AI-driven use cases of the Databricks platform. • Identify operational gaps in the Cybersecurity GTM motion, be data-driven about quantifying business opportunities, and execute improvement plans. • Scale expertise across the GTM organization via enablement, building repeatable assets, and articulating a clear strategy and vision for Data and AI in Cybersecurity. • Collaborate with Partner teams to develop strategic relationships with Systems Integrators and build joint sales motions. • Collaborate with the marketing team to establish Databricks as a thought leader in the industry.