Director- Information Security

Hello! 👋

Who are we? 

Locus.sh is a leading-edge technology company dedicated to solving the most challenging problems in logistics and supply chain. Our ambition? To revolutionize the supply chain realm through cutting-edge technology, enabling smarter, automated decision-making. From dispatch management and carrier orchestration to route optimization and real-time insights, our solutions are designed to enhance efficiency, consistency, and transparency in operations.

Our Journey and Impact: 

Since our inception in 2015, with the backing of esteemed investors like GIC Singapore, Qualcomm Ventures, Tiger Global, and Falcon Edge ($80M raised so far), we've embarked on a global mission to redefine logistics. Our technologies have empowered giants like Unilever, Nestle, and The Tata Group, facilitating over 1 billion deliveries across 30+ countries. The result? A staggering $288 million in cost savings, a 12 million tonne reduction in CO2 emissions, and an unwavering 99.5% SLA adherence.

Our Global Footprint: 

Based in Bangalore, India, our reach extends across the Americas, Southeast Asia, the Middle East, and beyond. As a vibrant team of 170+ visionaries, we're on an exhilarating growth trajectory.

Traits We Value:

Global: You possess a global mindset, understanding and appreciating diverse cultures and market nuances. You're adept at thinking beyond borders and appreciate the vast opportunities that a worldwide perspective brings.

Unrelenting: You display unmatched perseverance and commitment in everything you do. Challenges invigorate you, and you are determined to overcome obstacles with innovative solutions.

Intelligent: You consistently demonstrate sharp analytical thinking and astute problem-solving capabilities. You're quick to grasp complex concepts and can effectively communicate intricate ideas.

Role Description

As the Director-Information Security, you will be responsible for developing and implementing an organization- wide information security strategy and framework. You will lead a team of security professionals and work closely with other stakeholders to protect the organization's information assets from security threats and ensure compliance with applicable regulations and industry best practices.

Key Responsibilities:

• Information Security Strategy: Develop and implement a comprehensive information security strategy aligned with the organization's goals and objectives. Ensure the strategy addresses current and emerging security threats, vulnerabilities, and risks.

  
  

• Security Governance: Establish and maintain an effective security governance framework, including policies, procedures, standards, and guidelines. Ensure compliance with applicable laws, regulations, and industry standards.

  
  

• Risk Management: Identify, assess, and manage information security risks throughout the organization. Develop risk mitigation plans and ensure their implementation.

  
  

• Security Operations: Oversee the day-to-day security operations, including security incident response, vulnerability management, threat intelligence, security monitoring, and access control. Ensure the organization has appropriate security tools, technologies, and processes in place.

  
  

• Security Awareness and Training: Develop and deliver information security awareness and training programs to educate employees and contractors about their roles and responsibilities in protecting information assets.

  
  

• Security Architecture: Collaborate with IT and other relevant teams to develop and maintain a secure technology infrastructure. Provide guidance on security requirements for new systems, applications, and technologies.

  
  

• Security Compliance: Monitor and enforce compliance with relevant security policies, standards, and regulations. Conduct periodic security audits and assessments to identify and address compliance gaps.

  
  

• Incident Response: Lead the response to security incidents, including investigating and containing incidents, coordinating with internal teams and external stakeholders, and implementing remediation measures to prevent future incidents.

  
  

• Vendor and Third-Party Risk Management: Establish and maintain a vendor and third-party risk management program to assess and monitor the security posture of external partners and suppliers.

  
  

• Security Metrics and Reporting: Define and track key security metrics to measure the effectiveness of security controls and initiatives. Prepare and present regular reports on the organization's security posture to executive management and the board.

  
  

Qualifications and Requirements:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.

  
  

• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent.

  
  

• Proven experience (typically 6-8+ years) in information security management, including hands-on experience in security operations, risk management, and compliance.

  
  

• Strong knowledge of information security principles, standards, frameworks (e.g., ISO 27001, NIST Cybersecurity Framework), and regulations (e.g., GDPR, CCPA).