About the companyVentura is an omnichannel trading and investment platform with a nationwide network of branches, sub-brokers, and digital channels. Founded in 1994, the company is now in its next phase of growth, driven by a digital-first, direct-to-consumer strategy.To accelerate this transformation, Ventura has built a dedicated fintech vertical focused on digital innovation, modern platforms, and data-led marketing.Join us if you like to:Coordinate & monitor IT processes & policies to ensure compliance with the IT Act, regulatory bodies (e.g. SEBI), DPDPA guidelines, global standards such as ISO 27001 and SOC 2, and other applicable laws related to Technology.This includes working closely with internal & external stakeholders across: Access Management, Change Management, Incident Management, Backup and Recovery, Business Continuity Planning and Disaster Recovery, Data Security, and Other Information Security Controls.Own and lead external information security audits end-to-end, including planning, coordinating with internal teams, driving evidence collection, facilitating auditor discussions, managing observations, overseeing remediation, and ensuring timely closure.Conduct vendor risk assessments and ensure vendors meet the organisation's internal security requirements before onboarding or during annual due diligence cycles.Assist in updating and improving current processes & policies based on evolving regulatory requirements relevant to our business.Interfacing with external auditors and ensuring all Infosec audits go smoothly, including coordinating with internal teams, evidence collection, observation discussion, remediation planning, etc.Evaluate internal information security requirements such as data sharing with third parties, reviewing contracts/agreements for information security clauses, and ensuring risks are identified and mitigated.Lead or support organisation-wide IT and Infosec process improvement initiatives.Lead or support in the organisation’s continuous external certification and compliance efforts, including SOC 2, ISO 27001, and SEBI CSCRF.What you’ll need to bring:1-2 years of experience in Information Security, including experience in Infosec audits, preferably in the financial services sector.Demonstrated experience owning external audits end-to-end, with strong capability in audit planning, coordination, and closure.In-depth knowledge of technology, security, risk, and compliance best practices. Strong ability to effectively communicate and interface with both technology and business teams.Detailed understanding of IT General Controls (ITGCs) and their implementation.Good understanding of security monitoring, threat intelligence, and vulnerability management processes.A self-driven attitude with a strong sense of ownership and the ability to independently drive tasks to completion.Having experience following audits would be a big plus.SEBI audits, GDPR / DPDPA / Any Data Privacy audits, SOC2 / ISO27001 audits, CSCRF audits.
Job Title
Security Engineer