Key Responsibilities:
1. Risk Management in Software Development
• Identify and assess risks across the software development lifecycle (SDLC), including design, coding, testing, and deployment.
• Collaborate with development teams to implement risk mitigation strategies, such as secure coding practices and code reviews.
• Maintain a risk register specific to software development projects and ensure timely updates.
• Monitor and address risks associated with emerging technologies, third-party integrations, and cloud-based platforms.
2. Governance and Compliance
• Develop and enforce IT governance policies and procedures tailored to software development practices.
• Ensure compliance with standards and regulations such as GDPR, ISO 27001, CMMI v2, SOC 2, and OWASP guidelines.
• Conduct audits of software development and deployment processes to evaluate adherence to governance frameworks.
• Assist in the development and maintenance of secure development policies (e.g., DevSecOps practices).
3. Data Analysis and Reporting
• Analyze incident trends, vulnerabilities, and operational data to provide actionable insights.
• Prepare detailed governance and risk reports for development leads and senior leadership.
• Develop dashboards to monitor compliance and risk-related KPIs for software projects.
4. Training and Awareness
• Conduct targeted training sessions for development teams on secure coding, governance frameworks, and risk management practices.
• Develop and disseminate awareness materials related to IT risks and compliance in software projects.
5. Incident Management in Development
• Investigate incidents such as security breaches, data leaks, or system outages related to software applications.
• Recommend and track the implementation of corrective actions to prevent similar incidents.
————————————————
Qualifications:
Education
• Bachelor’s degree in Computer Science, Software Engineering, Information Technology, or a related field.
• Certifications such as CRISC, CISM, CGEIT, CMMI, ISO 27001 Lead Implementer, or Secure Software Development certifications are preferred.
Experience
• 2+ years of experience in risk management, governance, or compliance within a software development environment.
• Hands-on experience with DevOps/DevSecOps practices is a plus.
• Familiarity with software development methodologies such as Agile, Scrum, or Kanban.
Skills and Competencies
• Strong understanding of the SDLC and associated risks.
• Knowledge of IT governance frameworks like COBIT, NIST, CMMI v2, or ISO 27001.
• Experience with risk management and GRC tools.
• Proficiency in security tools such as SAST, DAST, or vulnerability scanners.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills to work with technical and non-technical stakeholders.