Senior GRC Specialist

Job Title:  Senior GRC Specialist Location:  Bangalore (On-site; full-time) About Locus Battle-tested in 350+ deployments across 30+ countries, Locus is an agentic Transportation Management System for all-mile, all-channel, trusted by enterprises like Unilever, Nestlé, and Siam Makro.  The platform unifies orders, capacity, and carrier networks into one living plan, aligning planning, execution, and settlement so promises become proof. AI co-pilots with guardrails surface risk early and recommend the next best move to protect SLAs and reduce empty miles.  In 2025, Locus joined the Ingka Group (IKEA Retail) family, marking a major milestone in our journey. Backed by the scale and strength of IKEA, we continue to operate independently while accelerating our mission to make global supply chains faster, smarter, and more sustainable. Our Journey and Impact Since 2015, Locus has been on a mission to make logistics decision-making intelligent, sustainable, and real-world ready. Our platform has powered billions of deliveries across 30 + countries for global enterprises, driving measurable impact in cost savings, carbon reduction, and SLA performance. With the strength of the IKEA ecosystem behind us, we’re scaling that impact even further. Our Global Footprint Headquartered in Bangalore, with teams across the U.S., U.K., UAE, and Southeast Asia, Locus brings together 170 + engineers, designers, and problem-solvers united by a single goal: to reinvent how the world moves goods. Traits We Value We look for people who are: Global in mindset : curious about diverse markets and ideas. Unrelenting in drive : energized by complex challenges. Intelligent in approach : analytical, creative, and thoughtful. Dynamic in execution : adaptive and decisive in fast-moving contexts. Exact in craft : detail-oriented and committed to excellence. About the role As a  Senior GRC Specialist at  Locus, you’ll play a pivotal role in safeguarding the company’s data and systems while enabling global logistics innovation. This role involves leading the implementation of robust security and privacy frameworks like ISO27001, ISO 27701, NIST, SOC2 Type II, etc., driving risk assessments, managing audits, and ensuring compliance across jurisdictions. You'll work closely with cross-functional teams to embed security into every layer of the organization—people, processes, and technology. If you're passionate about security, privacy, and scalable compliance in a fast-paced tech environment, this is your opportunity to make a real impact. Key Responsibilities: Design, implement, and maintain  the organization’s  Information Security Management System (ISMS)  and  Privacy Information Management System (PIMS)  in alignment with ISO 27001, ISO 27701, and SOC2 Type II Drive  end-to-end security and privacy compliance  programs independently, ensuring alignment with business objectives and customer/regulatory expectations. Conduct  periodic risk assessments , develop risk treatment plans, and work closely with business and technical stakeholders to ensure timely mitigation. Develop, review, and improve  information security and privacy policies, processes, and controls  based on changes in the business environment, emerging threats, and applicable legal and regulatory requirements. Ensure  client contractual obligations (MSAs)  and  legal requirements  (e.g., GDPR, CCPA) are consistently met. Track and report compliance status and risks through  metrics, dashboards, and management reviews . Lead and coordinate  internal and external audits  (ISO 27001, SOC 2, etc.), including remediation and continual improvement efforts. Assess and onboard  critical third-party vendors  through structured  third-party risk assessments . Coordinate and execute  Business Continuity Planning (BCP)  and  Disaster Recovery (DR)  tests. Set guidelines and review adherence to  secure development practices , including  secure coding standards . Champion and conduct  employee awareness and training programs  for security and privacy during onboarding and ongoing learning cycles. Oversee the  incident response process , ensuring effective triage, containment, root cause analysis, and reporting of security and privacy incidents. Work closely with engineering/product teams to  embed privacy and security-by-design  principles into the product lifecycle. Liaise with vendors and partners to evaluate and deploy relevant  security tools and solutions . Automate  repetitive or redundant GRC tasks using scripting or low-code tools to improve efficiency. Key Requirements: 5–7 years of relevant experience in Governance, Risk & Compliance (GRC)  roles in a  product-based or technology-driven organization . Deep understanding of  compliance frameworks : ISO 27001, SOC 2, CSA STAR, BS 10012, ISO 27701. Solid knowledge of  global privacy regulations : GDPR, CCPA, and others. Proven experience leading  audits and regulatory assessments , including stakeholder management and remediation. Hands-on experience implementing  security/privacy controls  in  cloud environments  (AWS preferred). Ability to  translate compliance requirements into actionable security measures  across tech, product, and operations. Ability to work  independently  and manage compliance responsibilities across multiple functions and geographies. Good to Have Certifications (At least one certification in GRC is mandatory): CISA/CISM (recommended) CISSP  CIPM/CIPP-E   ISO 27001 Lead Auditor (recommended) CRISC ,  CCSK , or other GRC/privacy-focused credentials What We Offer Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.