Job Title: GRC Officer
Location: Bangalore (On-site; full-time)
About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women’s safety geo-tracking app into a globally recognized logistics optimization platform.
Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics.
Information Security Officer
We're looking for a 3-4 yrs experienced Information Security Officer.
Key Responsibilities:
Define, implement, and maintain the Information Security Management System (ISMS) and Privacy Information Management System (PIMS).
Plan and execute periodic risk assessments. Work directly with the business units to facilitate risk assessment and risk management processes.
Define, Review and Maintain the organizational information security policies, processes, procedures and control framework to ensure it is adequate to address the emerging risks due to changing environment, technology and legal requirements.
Align customer and internal information security objectives to the ISMS and PIMS.
Monitor and fulfill client contractual (MSA) information security and privacy obligations.
Monitor and fulfill legal obligations related to protection of personal information across different jurisdictions like GDPR, CCPA.
Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review.
Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security.
Lead the Information Security audits / assessments / remediation and present key risks to the management.
Perform the Third party Risk Assessment of Critical Vendors.
Conduct Information Security and Privacy awareness and training programs for the employees as part of their induction and regular awareness.
Oversee information security and privacy incident management process for incident reporting, containment, resolution and root cause analysis.
Plan and coordinate BCP and DR tests.
Setup guidelines for secure coding practices.
Recommend security and privacy controls based on people, process and technology approach and industry best practices.