PitchMeAI
MSX International

Software Compliance & SDLC Governance Lead

MSX International · Madrid, Community of Madrid, Spain

  • On site
  • Full-time
  • $120,000 / year
  • Madrid, Community of Madrid, Spain

Job highlights

  • Ensure software development compliance and integrity.
  • Apply Information Security Policy across DevOps.
  • Translate regulations into actionable controls.
  • Support engineering teams throughout SDLC.
  • Liaise with auditors and stakeholders.

About the role

At MSX, we are looking to hire a Software Compliance & SDLC Governance Lead to ensure the integrity, security, and regulatory compliance of our software development environments. This role is critical to applying Information Security Policy (ISP) requirements across modern DevOps ecosystems, translating regulatory and security obligations into practical, actionable controls, and supporting engineering teams throughout the entire Software Development Life Cycle (SDLC). The position ensures compliance with the ISP, DORA, GDPR, and other regulatory frameworks, and acts as the key point of reference for technical teams, stakeholders, and auditors.

Key Responsibilities

SDLC Governance & Compliance
  • Act as the governance authority for assigned engineering teams, ensuring compliance with the company’s Information Security Policy.
  • Translate security and compliance requirements into clear, implementable technical controls.
  • Continuously monitor SDLC environments, tools, access models, and processes to identify risks and compliance gaps.
Controls, Monitoring & Documentation
  • Guide teams in embedding security and compliance controls into CI/CD pipelines and DevOps tools.
  • Design and maintain Standard Operating Procedures (SOPs), standards, and technical guidelines aligned with global and regional regulations.
  • Ensure operational traceability, proper log retention, and system auditability.
Audits & Stakeholder Management
  • Ensure automated and consistent generation of audit evidence across all SDLC stages.
  • Act as the main point of contact for internal and external auditors (e.g., GAO, PWC).
  • Escalate non-compliance issues and systemic risks to leadership and product owners for timely resolution.
Control Areas
  • Access Management: Enforcement of Segregation of Duties (SoD) across DevOps tools.
  • Data Integrity: Protection of personal data (PII) and sensitive information in development and testing environments.
  • Change Management: Oversight of automated controls and approval gates within CI/CD pipelines.
  • Quality Governance: Ensuring testing and validation evidence is properly documented and stored.
  • Traceability & Auditability: Validation of log retention and audit records.
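The Access Management, Change Management and Quality Governance control areas above, together with the "Compliance as Code" requirement listed under Qualifications, are the kind of rules a governance lead would encode as an automated check rather than a manual review. The following is an added illustration written for this page, not code from MSX or from any of the tools named in the posting. It assumes a hypothetical branch-protection policy (two independent approvals on `main`, one on `release/*` branches) and a hypothetical merged-change record (author, approvers, merger, target branch, pipeline status, stored test-evidence reference) that a real implementation would pull from GitHub or the CI system; the sample records are constructed for the example.

```python
"""Compliance-as-code checks over merged-change records (added example, not MSX code).

Each Change is a hypothetical record of a merged pull request. The checks
enforce three of the control areas in the posting:
  - SoD: nobody approves or merges their own change into a protected branch
  - Change management: protected branches need N independent approvals and green checks
  - Quality governance: a stored test-evidence reference must exist
The evidence record at the end is hashed so auditors can detect later edits.
"""
import fnmatch
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed policy for the example: branch pattern -> required independent approvals.
# Branches matching no pattern are unprotected (feature work) and only get the
# self-approval check.
PROTECTED_BRANCHES = {"main": 2, "release/*": 1}


@dataclass
class Change:
    change_id: str
    author: str
    approvers: List[str]
    merged_by: str
    target_branch: str
    checks_passed: bool
    test_evidence: Optional[str] = None  # e.g. path/ID of the stored test report


def required_approvals(branch: str) -> int:
    """Return how many independent approvals a branch needs (0 = unprotected)."""
    for pattern, count in PROTECTED_BRANCHES.items():
        if fnmatch.fnmatch(branch, pattern):
            return count
    return 0


def evaluate_change(c: Change) -> List[Tuple[str, str]]:
    """Return (control, message) findings for one change; empty list means compliant."""
    findings = []
    independent = [a for a in c.approvers if a != c.author]
    if c.author in c.approvers:
        findings.append(("SoD", f"{c.change_id}: author {c.author} approved their own change"))
    needed = required_approvals(c.target_branch)
    if needed:
        if len(independent) < needed:
            findings.append(("ChangeMgmt",
                             f"{c.change_id}: {len(independent)} independent approval(s), "
                             f"{needed} required for {c.target_branch}"))
        if c.merged_by == c.author:
            findings.append(("SoD", f"{c.change_id}: author merged their own change into {c.target_branch}"))
        if not c.checks_passed:
            findings.append(("ChangeMgmt", f"{c.change_id}: merged with failing pipeline checks"))
        if not c.test_evidence:
            findings.append(("Quality", f"{c.change_id}: no stored test-evidence reference"))
    return findings


def non_compliant_ids(changes: List[Change]) -> List[str]:
    """IDs of changes with at least one finding, in input order."""
    return [c.change_id for c in changes if evaluate_change(c)]


def build_evidence_record(changes: List[Change]) -> dict:
    """Audit-evidence record for a set of changes, with a SHA-256 over the canonical JSON."""
    results = [{"change_id": c.change_id, "branch": c.target_branch,
                "findings": evaluate_change(c)} for c in changes]
    canonical = json.dumps(results, sort_keys=True)
    return {"results": results, "sha256": hashlib.sha256(canonical.encode()).hexdigest()}


# Constructed sample data for the example.
SAMPLE_CHANGES = [
    Change("CHG-101", "alice", ["bob", "carol"], "bob", "main", True, "reports/CHG-101.xml"),
    Change("CHG-102", "dave", ["dave"], "dave", "main", True, None),          # self-approved and self-merged
    Change("CHG-103", "erin", [], "erin", "feature/x", False, None),          # unprotected branch: out of scope
    Change("CHG-104", "frank", ["grace"], "grace", "release/2024.1", False, "reports/CHG-104.xml"),
]

if __name__ == "__main__":
    record = build_evidence_record(SAMPLE_CHANGES)
    for entry in record["results"]:
        status = "OK" if not entry["findings"] else "FAIL"
        print(f"{entry['change_id']} [{entry['branch']}] {status}")
        for control, msg in entry["findings"]:
            print(f"    {control}: {msg}")
    print("evidence sha256:", record["sha256"])
```

Two design points matter for an auditor. First, "independent" approvals are counted after removing the author, so an author who also approves is caught twice (self-approval and insufficient independent review) rather than silently satisfying the count. Second, the evidence record is hashed over canonical JSON (sorted keys) so the same inputs always give the same digest; in a real pipeline the digest would be stored with the run so retained logs can be shown unmodified.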

Qualifications

Required Qualifications
  • University degree in Systems Engineering, Software Engineering, or similar.
  • Professional proficiency in Spanish and English.
  • Strong ability to interpret and apply complex security policies in technical environments.
  • Hands-on experience with DevOps tools and platforms (GitHub, Jira, Terraform, Tekton, GCP Cloud Build, etc.).
  • Previous experience in IT Audit, IT Compliance, Quality Assurance, or regulated environments.
  • Experience working with “Compliance as Code” principles.
  • Knowledge of IAM, GDPR, DORA, and financial-sector regulations.
  • Excellent technical writing skills, focused on clear, instructional documentation.
  • Strong communication skills, with the ability to influence, escalate, and drive accountability.
  • Ability to assess new technologies and identify associated risks and regulatory requirements.

Company Information

With over 5,000 employees based in more than 80 countries across the globe, our teams provide industry-leading expertise that spans consumer engagement, parts, accessories and service performance, actionable insights, repair optimization and compliance, learning solutions, and distribution and sales performance. Our proven track record means that we now partner with almost every car manufacturer on the market.

The MSX Purpose

To empower Movers and Makers to thrive in our ever-changing world.

The MSX Mission

To harness our expertise in mobility, the creativity of our global teams, and the power of technology, to craft tailored, sustainable and innovative solutions.

The MSX Vision

To be the clients’ first choice, recognized for our operational excellence and commitment to driving change and innovation in the mobility industry.

MSX is an equal opportunities employer and encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, neurodiversity or other personal characteristics and backgrounds, age, sexual orientation, gender reassignment, religion or belief, or marital and parental status. As users of the Disability Confident scheme, we interview all disabled applicants who meet the minimum criteria for the vacancy.

Key skills/competency

  • Software Compliance
  • SDLC Governance
  • Information Security Policy (ISP)
  • DevOps
  • CI/CD
  • GDPR
  • DORA
  • IT Audit
  • IT Compliance
  • Technical Writing

Skills & topics

  • Software Compliance
  • SDLC Governance
  • Information Security
  • DevOps
  • CI/CD
  • GDPR
  • DORA
  • IT Audit
  • IT Compliance
  • Technical Writing
  • Systems Engineering
  • Software Engineering
  • Spanish
  • English
  • GitHub
  • Jira
  • Terraform
  • GCP Cloud Build
  • Access Management
  • Data Integrity

How to get hired

  • Tailor your resume: Highlight experience with DevOps tools, compliance frameworks (GDPR, DORA), and technical writing.
  • Showcase your skills: Emphasize your ability to translate security policies into actionable controls and your experience with "Compliance as Code".
  • Prepare for interviews: Be ready to discuss your experience with IT audit, compliance, and your understanding of SDLC governance.
  • Demonstrate communication skills: Prepare examples of how you've influenced teams, escalated issues, and driven accountability.

Technical preparation

  • Master DevOps tools and CI/CD pipelines.
  • Understand and implement "Compliance as Code".
  • Familiarize yourself with IAM, GDPR and DORA regulations.
  • Practice writing clear technical documentation.

Behavioral questions

  • Describe a time you enforced security policies.
  • How do you translate complex policies into controls?
  • Share an experience managing auditor relationships.
  • How do you drive accountability in teams?

Frequently asked questions

What specific regulatory frameworks does the Software Compliance & SDLC Governance Lead need to be familiar with at MSX International?
The Software Compliance & SDLC Governance Lead at MSX International needs to be familiar with the company's Information Security Policy (ISP), DORA, GDPR, and other relevant regulatory frameworks. Knowledge of IAM and financial-sector regulations is also listed among the required qualifications.
What are the key DevOps tools and platforms mentioned for this role at MSX International?
The job description for the Software Compliance & SDLC Governance Lead at MSX International mentions hands-on experience with DevOps tools and platforms such as GitHub, Jira, Terraform, Tekton, and GCP Cloud Build.
Is proficiency in a language other than English required for the Software Compliance & SDLC Governance Lead position at MSX International?
Yes, professional proficiency in both Spanish and English is a required qualification for the Software Compliance & SDLC Governance Lead role at MSX International.
What does MSX International mean by 'Compliance as Code' in the job description?
In the context of the Software Compliance & SDLC Governance Lead role, "Compliance as Code" refers to defining, managing, and enforcing compliance rules and policies as code and automation within the SDLC and DevOps pipelines, so that controls such as approval gates and segregation of duties are checked automatically and produce audit evidence as part of the pipeline rather than through manual review.
What is the primary focus of the 'Control Areas' section in the job description for the Software Compliance & SDLC Governance Lead?
The 'Control Areas' section outlines the specific domains the Software Compliance & SDLC Governance Lead will focus on, including Access Management (Segregation of Duties), Data Integrity (PII protection), Change Management (CI/CD approvals), Quality Governance (documentation), and Traceability & Auditability (log retention).
How does MSX International approach diversity and inclusion for this Software Compliance & SDLC Governance Lead role?
MSX International is an equal opportunities employer and encourages applications from all qualified candidates. They are users of the Disability Confident scheme and will interview all disabled applicants who meet the minimum criteria.