Software Compliance and SDLC Governance Lead
MSX International
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.

Job Description
About the Role
At MSX, we are looking to incorporate a Software Compliance & SDLC Governance Lead to ensure the integrity, security, and regulatory compliance of software development environments. This role is critical to applying Information Security Policy (ISP) requirements across modern DevOps ecosystems, translating regulatory and security obligations into practical, actionable controls, and supporting engineering teams throughout the entire Software Development Life Cycle (SDLC). The position ensures compliance with ISP, DORA, GDPR, and other regulatory frameworks, acting as a key point of reference for technical teams, stakeholders, and auditors.
Key Responsibilities
SDLC Governance & Compliance
- Act as the governance authority for assigned engineering teams, ensuring compliance with the company’s Information Security Policy.
- Translate security and compliance requirements into clear, implementable technical controls.
- Continuously monitor SDLC environments, tools, access models, and processes to identify risks and compliance gaps.
Controls, Monitoring & Documentation
- Guide teams in embedding security and compliance controls into CI/CD pipelines and DevOps tools.
- Design and maintain Standard Operating Procedures (SOPs), standards, and technical guidelines aligned with global and regional regulations.
- Ensure operational traceability, proper log retention, and system auditability.
Audits & Stakeholder Management
- Ensure automated and consistent generation of audit evidence across all SDLC stages.
- Act as the main point of contact for internal and external auditors (e.g., GAO, PWC).
- Escalate non-compliance issues and systemic risks to leadership and product owners for timely resolution.
Control Areas
- Access Management: Enforcement of Segregation of Duties (SoD) across DevOps tools.
- Data Integrity: Protection of personal data (PII) and sensitive information in development and testing environments.
- Change Management: Oversight of automated controls and approval gates within CI/CD pipelines.
- Quality Governance: Ensuring testing and validation evidence is properly documented and stored.
- Traceability & Auditability: Validation of log retention and audit records.
Qualifications
Required Qualifications
- University degree in Systems Engineering, Software Engineering, or similar.
- Professional proficiency in Spanish and English.
- Strong ability to interpret and apply complex security policies in technical environments.
- Hands-on experience with DevOps tools and platforms (GitHub, Jira, Terraform, Tekton, GCP Cloud Build, etc.).
- Previous experience in IT Audit, IT Compliance, Quality Assurance, or regulated environments.
- Experience working with “Compliance as Code” principles.
- Knowledge of IAM, GDPR, DORA, and financial-sector regulations.
- Excellent technical writing skills, focused on clear, instructional documentation.
- Strong communication skills, with the ability to influence, escalate, and drive accountability.
- Ability to assess new technologies and identify associated risks and regulatory requirements.
Company Information
With Over 5,000 Employees Based In More Than 80 Countries Across The Globe, Our Teams Provide Industry Leading Expertise That Spans Consumer Engagement, Parts, Accessories & Service Performance, Actionable Insights, Repair Optimization & Compliance, Learning Solutions, Distribution & Sales Performance. Our proven track record means that we now partner with almost every car manufacturer on the market.
The MSX Purpose
To empower Movers and Makers to thrive in our ever-changing world.
The MSX Mission
To harness our expertise in mobility, the creativity of our global teams, and the power of technology, to craft tailored, sustainable and innovative solutions.
The MSX Vision
To be the clients’ first choice, recognized for our operational excellence and commitment to driving change and innovation in the mobility industry.
MSX is an equal opportunities employer and encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, neurodiversity or other personal characteristics and backgrounds, age, sexual orientation, gender reassignment, religion or belief, or marital and parental status. As users of the Disability Confident scheme, we interview all disabled applicants who meet the minimum criteria for the vacancy.
Key skills/competency
- Software Compliance
- SDLC Governance
- Information Security Policy (ISP)
- DevOps
- CI/CD
- GDPR
- DORA
- IT Audit
- IT Compliance
- Technical Writing
How to Get Hired at MSX International
- Tailor your resume: Highlight experience with DevOps tools, compliance frameworks (GDPR, DORA), and technical writing.
- Showcase your skills: Emphasize your ability to translate security policies into actionable controls and your experience with "Compliance as Code".
- Prepare for interviews: Be ready to discuss your experience with IT audit, compliance, and your understanding of SDLC governance.
- Demonstrate communication skills: Prepare examples of how you've influenced teams, escalated issues, and driven accountability.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background