
Job Summary:
The Risk/Governance Analyst supports the development, implementation, and monitoring of risk management and governance frameworks in a dynamic software development environment. This role ensures compliance with industry standards, regulatory requirements, and internal policies while proactively addressing risks associated with software development, deployment, and operations. The ideal candidate will have experience in software development practices and a strong understanding of IT governance, risk, and compliance frameworks.
Key Responsibilities:
1. Risk Management in Software Development
• Identify and assess risks across the software development lifecycle (SDLC), including design, coding, testing, and deployment.
• Collaborate with development teams to implement risk mitigation strategies, such as secure coding practices and code reviews.
• Maintain a risk register specific to software development projects and ensure timely updates.
• Monitor and address risks associated with emerging technologies, third-party integrations, and cloud-based platforms.
2. Governance and Compliance
• Develop and enforce IT governance policies and procedures tailored to software development practices.
• Ensure compliance with standards and regulations such as GDPR, ISO 27001, CMMI v2, SOC 2, and OWASP guidelines.
• Conduct audits of software development and deployment processes to evaluate adherence to governance frameworks.
• Assist in the development and maintenance of secure development policies (e.g., DevSecOps practices).
3. Data Analysis and Reporting
• Analyze incident trends, vulnerabilities, and operational data to provide actionable insights.
• Prepare detailed governance and risk reports for development leads and senior leadership.
• Develop dashboards to monitor compliance and risk-related KPIs for software projects.
4. Training and Awareness
• Conduct targeted training sessions for development teams on secure coding, governance frameworks, and risk management practices.
• Develop and disseminate awareness materials related to IT risks and compliance in software projects.
5. Incident Management in Development
• Investigate incidents such as security breaches, data leaks, or system outages related to software applications.
• Recommend and track the implementation of corrective actions to prevent similar incidents.
————————————————
Qualifications:
Education
• Bachelor’s degree in Computer Science, Software Engineering, Information Technology, or a related field.
• Certifications such as CRISC, CISM, CGEIT, CMMI, ISO 27001 Lead Implementer, or Secure Software Development certifications are preferred.
Experience
• 2+ years of experience in risk management, governance, or compliance within a software development environment.
• Hands-on experience with DevOps/DevSecOps practices is a plus.
• Familiarity with software development methodologies such as Agile, Scrum, or Kanban.
Skills and Competencies
• Strong understanding of the SDLC and associated risks.
• Knowledge of IT governance frameworks like COBIT, NIST, CMMI v2, or ISO 27001.
• Experience with risk management and GRC tools.
• Proficiency in security tools such as SAST, DAST, or vulnerability scanners.
• Strong analytical and problem-solving skills.
Job ID: 124267297