Software Compliance & SDLC Governance Lead

MSX International Group is the leading global provider of outsourced business solutions for the automotive industry making business in more than 80 countries. MSXI’s deep industry expertise combined with advanced data analytics and custom software solutions improve the performance of automotive dealership networks by increasing revenue, reducing cost, and enhancing customer satisfaction. 

About the role:

At MSX, we are looking to incorporate a Software Compliance & SDLC Governance Lead to ensure the integrity, security, and regulatory compliance of software development environments.

This role is critical to applying Information Security Policy (ISP) requirements across modern DevOps ecosystems, translating regulatory and security obligations into practical, actionable controls, and supporting engineering teams throughout the entire Software Development Life Cycle (SDLC).

The position ensures compliance with ISP, DORA, GDPR, and other regulatory frameworks, acting as a key point of reference for technical teams, stakeholders, and auditors.

Key Responsibilities

SDLC Governance & Compliance

• Act as the governance authority for assigned engineering teams, ensuring compliance with the company’s Information Security Policy
• Translate security and compliance requirements into clear, implementable technical controls
• Continuously monitor SDLC environments, tools, access models, and processes to identify risks and compliance gaps

Controls, Monitoring & Documentation

• Guide teams in embedding security and compliance controls into CI/CD pipelines and DevOps tools
• Design and maintain Standard Operating Procedures (SOPs), standards, and technical guidelines aligned with global and regional regulations
• Ensure operational traceability, proper log retention, and system auditability

Audits & Stakeholder Management

• Ensure automated and consistent generation of audit evidence across all SDLC stages
• Act as the main point of contact for internal and external auditors (e.g., GAO, PWC)
• Escalate non-compliance issues and systemic risks to leadership and product owners for timely resolution

Control Areas

• Access Management: Enforcement of Segregation of Duties (SoD) across DevOps tools
• Data Integrity: Protection of personal data (PII) and sensitive information in development and testing environments
• Change Management: Oversight of automated controls and approval gates within CI/CD pipelines
• Quality Governance: Ensuring testing and validation evidence is properly documented and stored
• Traceability & Auditability: Validation of log retention and audit records

What we’re looking for in you:

Required qualifications:

• University degree in Systems Engineering, Software Engineering, or similar
• Professional proficiency in Spanish and English
• Strong ability to interpret and apply complex security policies in technical environments
• Hands-on experience with DevOps tools and platforms (GitHub, Jira, Terraform, Tekton, GCP Cloud Build, etc.)
• Previous experience in IT Audit, IT Compliance, Quality Assurance, or regulated environments
• Experience working with “Compliance as Code” principles
• Knowledge of IAM, GDPR, DORA, and financial-sector regulations
• Excellent technical writing skills, focused on clear, instructional documentation
• Strong communication skills, with the ability to influence, escalate, and drive accountability
• Ability to assess new technologies and identify associated risks and regulatory requirements

With over 5,000 employees based in more than 80 countries across the globe, our teams provide industry leading expertise that spans: 

• Consumer Engagement 

• Parts, Accessories & Service Performance 

• Actionable Insights 

• Repair Optimization & Compliance 

• Learning Solutions 

• Distribution & Sales Performance 

Our proven track record means that we now partner with almost every car manufacturer on the market. 

The MSX Purpose 

To empower Movers and Makers to thrive in our ever-changing world 

The MSX Mission 

To harness our expertise in mobility, the creativity of our global teams, and the power of technology, to craft tailored, sustainable and innovative solutions. 

The MSX Vision 

To be the clients’ first choice, recognized for our operational excellence and commitment to driving change and innovation in the mobility industry.

MSX is an equal opportunities employer and encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, neurodiversity or other personal characteristics and backgrounds, age, sexual orientation, gender reassignment, religion or belief, or marital and parental status. As users of the Disability Confident scheme, we interview all disabled applicants who meet the minimum criteria for the vacancy.