Senior GRC Specialist

Job Title: Senior GRC Specialist

Location: Bangalore (On-site; full-time)

About Locus
Battle-tested in 350+ deployments across 30+ countries, Locus is an agentic Transportation Management System for all-mile, all-channel, trusted by enterprises like Unilever, Nestlé, and Siam Makro.

The platform unifies orders, capacity, and carrier networks into one living plan, aligning planning, execution, and settlement so promises become proof. AI co-pilots with guardrails surface risk early and recommend the next best move to protect SLAs and reduce empty miles.

In 2025, Locus joined the Ingka Group (IKEA Retail) family, marking a major milestone in our journey. Backed by the scale and strength of IKEA, we continue to operate independently while accelerating our mission to make global supply chains faster, smarter, and more sustainable.

Our Journey and Impact

Since 2015, Locus has been on a mission to make logistics decision-making intelligent, sustainable, and real-world ready. Our platform has powered billions of deliveries across 30 + countries for global enterprises, driving measurable impact in cost savings, carbon reduction, and SLA performance. With the strength of the IKEA ecosystem behind us, we're scaling that impact even further.

Our Global Footprint

Headquartered in Bangalore, with teams across the U.S., U.K., UAE, and Southeast Asia, Locus brings together 170 + engineers, designers, and problem-solvers united by a single goal: to reinvent how the world moves goods.

Traits We Value

We look for people who are:

• Global in mindset: curious about diverse markets and ideas.
• Unrelenting in drive: energized by complex challenges.
• Intelligent in approach: analytical, creative, and thoughtful.
• Dynamic in execution: adaptive and decisive in fast-moving contexts.
• Exact in craft: detail-oriented and committed to excellence.

About The Role
As a Senior GRC Specialist at Locus, you'll play a pivotal role in safeguarding the company's data and systems while enabling global logistics innovation. This role involves leading the implementation of robust security and privacy frameworks like ISO27001, ISO 27701, NIST, SOC2 Type II, etc., driving risk assessments, managing audits, and ensuring compliance across jurisdictions. You'll work closely with cross-functional teams to embed security into every layer of the organization—people, processes, and technology. If you're passionate about security, privacy, and scalable compliance in a fast-paced tech environment, this is your opportunity to make a real impact.

Key Responsibilities:

• Design, implement, and maintain the organization's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in alignment with ISO 27001, ISO 27701, and SOC2 Type II
• Drive end-to-end security and privacy compliance programs independently, ensuring alignment with business objectives and customer/regulatory expectations.
• Conduct periodic risk assessments, develop risk treatment plans, and work closely with business and technical stakeholders to ensure timely mitigation.
• Develop, review, and improve information security and privacy policies, processes, and controls based on changes in the business environment, emerging threats, and applicable legal and regulatory requirements.
• Ensure client contractual obligations (MSAs) and legal requirements (e.g., GDPR, CCPA) are consistently met.
• Track and report compliance status and risks through metrics, dashboards, and management reviews.
• Lead and coordinate internal and external audits (ISO 27001, SOC 2, etc.), including remediation and continual improvement efforts.
• Assess and onboard critical third-party vendors through structured third-party risk assessments.
• Coordinate and execute Business Continuity Planning (BCP) and Disaster Recovery (DR) tests.
• Set guidelines and review adherence to secure development practices, including secure coding standards.
• Champion and conduct employee awareness and training programs for security and privacy during onboarding and ongoing learning cycles.
• Oversee the incident response process, ensuring effective triage, containment, root cause analysis, and reporting of security and privacy incidents.
• Work closely with engineering/product teams to embed privacy and security-by-design principles into the product lifecycle.
• Liaise with vendors and partners to evaluate and deploy relevant security tools and solutions.
• Automate repetitive or redundant GRC tasks using scripting or low-code tools to improve efficiency.

Key Requirements:

• 5–7 years of relevant experience in Governance, Risk & Compliance (GRC) roles in a product-based or technology-driven organization.
• Deep understanding of compliance frameworks: ISO 27001, SOC 2, CSA STAR, BS 10012, ISO 27701.
• Solid knowledge of global privacy regulations: GDPR, CCPA, and others.
• Proven experience leading audits and regulatory assessments, including stakeholder management and remediation.
• Hands-on experience implementing security/privacy controls in cloud environments (AWS preferred).
• Ability to translate compliance requirements into actionable security measures across tech, product, and operations.
• Ability to work independently and manage compliance responsibilities across multiple functions and geographies.

Good to Have Certifications (At least one certification in GRC is mandatory):

• CISA/CISM (recommended)
• CISSP
• CIPM/CIPP-E
• ISO 27001 Lead Auditor (recommended)
• CRISC, CCSK, or other GRC/privacy-focused credentials

What We Offer

Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization.

Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.