Cyber SDLC Governance Analyst

This role supports cybersecurity engineering and delivery teams in maintaining high standards across software delivery, controls compliance, and DevOps governance processes within a complex enterprise environment.

• Experience working in Agile software delivery environments in roles such as Business Analyst, IT Control Analyst, Change Analyst, Test Analyst, Delivery Governance, or similar
• Understanding of software delivery lifecycle processes, change management, and control frameworks
• Experience working with governance, risk, compliance, audit, or assurance-related activities
• Ability to manage multiple stakeholders across technology and business teams
• Strong analytical and reporting skills with hands-on experience using Excel and presentation/reporting tools
• Experience facilitating workshops, coordinating actions, and driving process improvements
• Strong communication skills in English, both written and spoken

Nice to have:

• Experience with DevOps metrics, SDLC governance, or delivery assurance processes
• Familiarity with tools such as Jira, Confluence, ServiceNow, qTest, Zephyr, or Tricentis
• Understanding of application security concepts such as SAST, DAST, or vulnerability management
• Experience working in regulated or highly controlled environments
• Agile, ITIL, SAFe, or IIBA certifications

• Support engineering and delivery teams in adopting Software Development Lifecycle (SDLC) and deployment governance standards
• Monitor compliance with internal delivery controls and identify gaps, risks, or process deviations
• Coordinate and execute SDLC and deployment control reviews for cybersecurity-related applications and changes
• Track remediation activities and support teams in resolving non-compliance findings
• Collect, validate, and maintain audit-ready evidence related to software delivery, testing, approvals, and change processes
• Monitor DevOps and delivery metrics, identify trends and recurring issues, and provide actionable recommendations
• Prepare reports and dashboards for governance, risk, and management stakeholders
• Facilitate workshops, working sessions, and stakeholder discussions across technology and cybersecurity teams
• Create training materials, guidance documents, and process communications to improve control adoption
• Continuously improve workflows, reporting standards, and governance processes to simplify delivery compliance

Hybrid model: 6 days per month from the office in Cracow