Governance, Risk and Compliance Officer
Digantara
Digantara is a leading Space Surveillance and Intelligence company focused on ensuring orbital safety and sustainability. With expertise in space-based detection, tracking, identification, and monitoring, Digantara provides comprehensive domain awareness across regimes, allowing end users to have actionable intelligence on a single platform. At the core of its infrastructure lies a sophisticated integration of hardware and software capabilities aligned with the key principles of situational awareness: perception (data collection), comprehension (data processing), and prediction (analytics). This holistic approach empowers Digantara to monitor all Resident Space Objects (RSOs) in orbit, fostering comprehensive domain awareness.
We are seeking a driven, detail-oriented, and experienced legal professional with expertise in information security governance, regulatory compliance, risk management, frameworks, and certifications. The ideal candidate can successfully navigate complex, multi-jurisdictional compliance environments with confidence, translate technical requirements into actional legal guidance, and partner seamlessly across engineering, product, and business teams. Familiarity with space security standards is an added advantage.
Ideal Candidate:
The ideal candidate will be instrumental in shaping, refining, and evolving our security frameworks across the organization as well as ensuring compliance with security mandates on an ongoing basis, and be able to act as a trusted in-house advisor to product, engineering, sales, and leadership on all matters relating to security standards and certifications.
Key Responsibilities:
Own the end-to-end compliance lifecycle for security standards and certifications applicable to hardware, software, data & analytics products, covering frameworks such as ISO 27001, SOC 2 Type II, CMMC, FedRamp, Cyber Essentials, DPDP, including scoping, gap assessments, control design, implementation oversight, certification audits, surveillance audits, and renewals.
Develop and maintain a multi-jurisdictional compliance framework that accounts for obligations owed to private-sector, government and defence customers across key spacefaring jurisdictions and ensure alignment between contractual commitments, regulatory requirements, and internal control environments.
Maintain and monitor a comprehensive compliance roadmap tracking certification renewals, upcoming versions, regulatory changes, and control gaps.
Provide periodic executive-level reporting on compliance posture, risk exposure, and remediation status.
Coordinate with external counsel where required for jurisdiction-specific export control advice.
Support tender and contract negotiations with government and defence customers by providing opinions on compliance with security standards, reviewing security annexures, data protection schedules, identifying and escalating high-risk contractual provisions and proposing risk-mitigation strategies.
Engage with relevant authorities, regulators, standards bodies and auditors to manage authorisations, clearances, certifications, and ongoing correspondence.
Advise on data sovereignty, localisation requirements, and cross-border data transfer mechanisms as they apply to a space technology company.
Monitor legislative and regulatory developments in security requirements across key spacefaring jurisdictions.
Proactively brief product, engineering, and business teams on required adaptations.
Provide guidance on privacy and data protection obligations as applicable to the company’s product lines and customer relationships.
Manage internal and external audits across the entire chain ranging from preparation, audit readiness, auditor coordination, finding responses, and closure of remediation actions.
Conduct and oversee risk assessments, privacy impact assessments and data protection impact assessments across product lines and customer-facing services.
Build and maintain a risk register covering regulatory, contractual, and reputational compliance risks, and drive mitigation programmes in collaboration with engineering, product, and operations teams.
Develop and maintain a library of security and compliance policies, procedures, and controls documentation aligned with applicable standards and customer requirements.
-
Oversee third party and vendor compliance, including security questionnaires, supply chain due diligence, and ongoing monitoring for sensitive or defence-adjacent supply chains and establish a structured third-party risk management framework.
Eligibility Criteria:
Bachelor’s degree in Law (LL.B) or equivalent from a reputed institution.
High integrity, professional discretion, and sound judgment in carrying out roles and responsibilities.
7+ years of post-qualification experience with a demonstrated focus on technology security compliance, with some in-house legal / law firm experience within this period also acceptable.
Hands-on expertise in security standards and certification programmes – such as ISO, SOC 2, CMMC, FedRamp, Cyber Essentials – with direct experience managing certification processes in an end-to-end manner.
Solid working knowledge of data protection and privacy laws across at least India, US, Australia and Europe.
Familiarity with export-control regimes applicable to space technologies.
Excellent negotiation, analytical, and communication skills.
Ability to translate complex requirements into clear, actionable guidance for technical and business audience.
-
The ideal candidate will demonstrate strong strategic and creative thinking with a problem-solving mindset, along with adaptability, leadership skills, team management, attention to detail, cross-functional collaboration, ethical judgment.
Preferred Skills:
Professional certifications (such as CIPP/E, CIPP/US, CIPT, CISM, CISA, CISSP)
Prior experience working in the technology sector; aerospace and defence sector is a plus.
Understanding of hardware security standards and software security frameworks as they apply to product certification.
-
Familiarity with GRC platforms and compliance automation tooling.
