Security Engineer

About the company

Ventura is an omnichannel trading and investment platform with a nationwide network of branches, sub-brokers, and digital channels. Founded in 1994, the company is now in its next phase of growth, driven by a digital-first, direct-to-consumer strategy.

To accelerate this transformation, Ventura has built a dedicated fintech vertical focused on digital innovation, modern platforms, and data-led marketing.

Join us if you like to:

• Coordinate & monitor IT processes & policies to ensure compliance with the IT Act, regulatory bodies (e.g. SEBI), DPDPA guidelines, global standards such as ISO 27001 and SOC 2, and other applicable laws related to Technology.
• This includes working closely with internal & external stakeholders across: Access Management, Change Management, Incident Management, Backup and Recovery, Business Continuity Planning and Disaster Recovery, Data Security, and Other Information Security Controls.
• Own and lead external information security audits end-to-end, including planning, coordinating with internal teams, driving evidence collection, facilitating auditor discussions, managing observations, overseeing remediation, and ensuring timely closure.
• Conduct vendor risk assessments and ensure vendors meet the organisation's internal security requirements before onboarding or during annual due diligence cycles.
• Assist in updating and improving current processes & policies based on evolving regulatory requirements relevant to our business.
• Interfacing with external auditors and ensuring all Infosec audits go smoothly, including coordinating with internal teams, evidence collection, observation discussion, remediation planning, etc.
• Evaluate internal information security requirements such as data sharing with third parties, reviewing contracts/agreements for information security clauses, and ensuring risks are identified and mitigated.
• Lead or support organisation-wide IT and Infosec process improvement initiatives.
• Lead or support in the organisations continuous external certification and compliance efforts, including SOC 2, ISO 27001, and SEBI CSCRF.

What youll need to bring:

• 1-2 years of experience in Information Security, including experience in Infosec audits, preferably in the financial services sector.
• Demonstrated experience owning external audits end-to-end, with strong capability in audit planning, coordination, and closure.
• In-depth knowledge of technology, security, risk, and compliance best practices.
• Strong ability to effectively communicate and interface with both technology and business teams.
• Detailed understanding of IT General Controls (ITGCs) and their implementation.
• Good understanding of security monitoring, threat intelligence, and vulnerability management processes.
• A self-driven attitude with a strong sense of ownership and the ability to independently drive tasks to completion.
• Having experience following audits would be a big plus.
• SEBI audits, GDPR / DPDPA / Any Data Privacy audits, SOC2 / ISO27001 audits, CSCRF audits.