Senior GRC Specialist
Bengaluru, India
Locus
Turn all-mile logistics into a growth center with Locus’ end-to-end logistics solutions platform for Enterprises through automation and optimization software.
Job Title: Senior GRC Specialist
Location: Bangalore (On-site; full-time)
About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women’s safety geo-tracking app into a globally recognized logistics optimization platform.
Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics.
About the role
As a Senior GRC Specialist at Locus, you’ll play a pivotal role in safeguarding the company’s data and systems while enabling global logistics innovation. This role involves leading the implementation of robust security and privacy frameworks like ISO27001, ISO 27701, NIST, SOC2 Type II, etc., driving risk assessments, managing audits, and ensuring compliance across jurisdictions. You'll work closely with cross-functional teams to embed security into every layer of the organization—people, processes, and technology. If you're passionate about security, privacy, and scalable compliance in a fast-paced tech environment, this is your opportunity to make a real impact.
Key Responsibilities:
Design, implement, and maintain the organization’s Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in alignment with ISO 27001, ISO 27701, and SOC2 Type II.
Drive end-to-end security and privacy compliance programs independently, ensuring alignment with business objectives and customer/regulatory expectations.
Conduct periodic risk assessments, develop risk treatment plans, and work closely with business and technical stakeholders to ensure timely mitigation.
Develop, review, and improve information security and privacy policies, processes, and controls based on changes in the business environment, emerging threats, and applicable legal and regulatory requirements.
Ensure client contractual obligations (MSAs) and legal requirements (e.g., GDPR, CCPA) are consistently met.
Track and report compliance status and risks through metrics, dashboards, and management reviews.
Lead and coordinate internal and external audits (ISO 27001, SOC 2, etc.), including remediation and continual improvement efforts.
Assess and onboard critical third-party vendors through structured third-party risk assessments.
Coordinate and execute Business Continuity Planning (BCP) and Disaster Recovery (DR) tests.
Set guidelines and review adherence to secure development practices, including secure coding standards.
Champion and conduct employee awareness and training programs for security and privacy during onboarding and ongoing learning cycles.
Oversee the incident response process, ensuring effective triage, containment, root cause analysis, and reporting of security and privacy incidents.
Work closely with engineering/product teams to embed privacy and security-by-design principles into the product lifecycle.
Liaise with vendors and partners to evaluate and deploy relevant security tools and solutions.
Automate repetitive or redundant GRC tasks using scripting or low-code tools to improve efficiency.
Key Requirements:
5–7 years of relevant experience in Governance, Risk & Compliance (GRC) roles in a product-based or technology-driven organization.
Deep understanding of compliance frameworks: ISO 27001, SOC 2, CSA STAR, BS 10012, ISO 27701.
Solid knowledge of global privacy regulations: GDPR, CCPA, and others.
Proven experience leading audits and regulatory assessments, including stakeholder management and remediation.
Hands-on experience implementing security/privacy controls in cloud environments (AWS preferred).
Ability to translate compliance requirements into actionable security measures across tech, product, and operations.
Ability to work independently and manage compliance responsibilities across multiple functions and geographies.
Good to Have Certifications (At least one certification in GRC is mandatory):
CISA/CISM (recommended)
CISSP
CIPM/CIPP-E
ISO 27001 Lead Auditor (recommended)
CRISC, CCSK, or other GRC/privacy-focused credentials
What We Offer
Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization.
Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.