About the role:
At MSX, we are looking to hire a Software Compliance & SDLC Governance Lead to ensure the integrity, security, and regulatory compliance of our software development environments.
This role is critical to applying Information Security Policy (ISP) requirements across modern DevOps ecosystems, translating regulatory and security obligations into practical, actionable controls, and supporting engineering teams throughout the entire Software Development Life Cycle (SDLC).
The position ensures compliance with the ISP, DORA (the EU Digital Operational Resilience Act), GDPR, and other regulatory frameworks, acting as a key point of reference for technical teams, stakeholders, and auditors.
Key Responsibilities
SDLC Governance & Compliance
- Act as the governance authority for assigned engineering teams, ensuring compliance with the company’s Information Security Policy
- Translate security and compliance requirements into clear, implementable technical controls
- Continuously monitor SDLC environments, tools, access models, and processes to identify risks and compliance gaps
Controls, Monitoring & Documentation
- Guide teams in embedding security and compliance controls into CI/CD pipelines and DevOps tools
- Design and maintain Standard Operating Procedures (SOPs), standards, and technical guidelines aligned with global and regional regulations
- Ensure operational traceability, proper log retention, and system auditability
Audits & Stakeholder Management
- Ensure automated and consistent generation of audit evidence across all SDLC stages
- Act as the main point of contact for internal and external auditors (e.g., GAO, PwC)
- Escalate non-compliance issues and systemic risks to leadership and product owners for timely resolution
Control Areas
- Access Management: Enforcement of Segregation of Duties (SoD) and least-privilege access across DevOps tools
- Data Protection: Protection of personal data (PII) and sensitive information in development and testing environments (e.g., masked or synthetic data rather than copies of production data)
- Change Management: Oversight of automated controls and approval gates within CI/CD pipelines
- Quality Governance: Ensuring testing and validation evidence is properly documented and stored
- Traceability & Auditability: Validation of log retention and audit records