Software Compliance and SDLC Governance Lead

About the Role

At MSX, we are looking to incorporate a Software Compliance & SDLC Governance Lead to ensure the integrity, security, and regulatory compliance of software development environments. This role is critical to applying Information Security Policy (ISP) requirements across modern DevOps ecosystems, translating regulatory and security obligations into practical, actionable controls, and supporting engineering teams throughout the entire Software Development Life Cycle (SDLC). The position ensures compliance with ISP, DORA, GDPR, and other regulatory frameworks, acting as a key point of reference for technical teams, stakeholders, and auditors.

Key Responsibilities

SDLC Governance & Compliance

• Act as the governance authority for assigned engineering teams, ensuring compliance with the company’s Information Security Policy.
• Translate security and compliance requirements into clear, implementable technical controls.
• Continuously monitor SDLC environments, tools, access models, and processes to identify risks and compliance gaps.

Controls, Monitoring & Documentation

• Guide teams in embedding security and compliance controls into CI/CD pipelines and DevOps tools.
• Design and maintain Standard Operating Procedures (SOPs), standards, and technical guidelines aligned with global and regional regulations.
• Ensure operational traceability, proper log retention, and system auditability.

Audits & Stakeholder Management

• Ensure automated and consistent generation of audit evidence across all SDLC stages.
• Act as the main point of contact for internal and external auditors (e.g., GAO, PWC).
• Escalate non-compliance issues and systemic risks to leadership and product owners for timely resolution.

Control Areas

• Access Management: Enforcement of Segregation of Duties (SoD) across DevOps tools.
• Data Integrity: Protection of personal data (PII) and sensitive information in development and testing environments.
• Change Management: Oversight of automated controls and approval gates within CI/CD pipelines.
• Quality Governance: Ensuring testing and validation evidence is properly documented and stored.
• Traceability & Auditability: Validation of log retention and audit records.

Qualifications

Required Qualifications

• University degree in Systems Engineering, Software Engineering, or similar.
• Professional proficiency in Spanish and English.
• Strong ability to interpret and apply complex security policies in technical environments.
• Hands-on experience with DevOps tools and platforms (GitHub, Jira, Terraform, Tekton, GCP Cloud Build, etc.).
• Previous experience in IT Audit, IT Compliance, Quality Assurance, or regulated environments.
• Experience working with “Compliance as Code” principles.
• Knowledge of IAM, GDPR, DORA, and financial-sector regulations.
• Excellent technical writing skills, focused on clear, instructional documentation.
• Strong communication skills, with the ability to influence, escalate, and drive accountability.
• Ability to assess new technologies and identify associated risks and regulatory requirements.

Company Information

With Over 5,000 Employees Based In More Than 80 Countries Across The Globe, Our Teams Provide Industry Leading Expertise That Spans Consumer Engagement, Parts, Accessories & Service Performance, Actionable Insights, Repair Optimization & Compliance, Learning Solutions, Distribution & Sales Performance. Our proven track record means that we now partner with almost every car manufacturer on the market.

The MSX Purpose

To empower Movers and Makers to thrive in our ever-changing world.

The MSX Mission

To harness our expertise in mobility, the creativity of our global teams, and the power of technology, to craft tailored, sustainable and innovative solutions.

The MSX Vision

To be the clients’ first choice, recognized for our operational excellence and commitment to driving change and innovation in the mobility industry.

MSX is an equal opportunities employer and encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, neurodiversity or other personal characteristics and backgrounds, age, sexual orientation, gender reassignment, religion or belief, or marital and parental status. As users of the Disability Confident scheme, we interview all disabled applicants who meet the minimum criteria for the vacancy.

Key skills/competency

• Software Compliance
• SDLC Governance
• Information Security Policy (ISP)
• DevOps
• CI/CD
• GDPR
• DORA
• IT Audit
• IT Compliance
• Technical Writing