About The Team
The Information Security & Compliance team at smallcase is responsible for ensuring the organization meets the highest standards of security, privacy, and regulatory compliance. We work closely with engineering, product, business, and external partners to build and maintain a secure environment while staying aligned with evolving regulatory and industry requirements. We are now looking to expand the team to further strengthen our audit, compliance, and information security capabilities.
About The Role
We are looking for a Senior Analyst - Infosec and Compliance who can take ownership of external information security audits and drive key Infosec initiatives independently. This role is ideal for someone who has hands-on experience managing audits end-to-end, is comfortable leading cross-functional engagements, and is eager to contribute to strengthening our security posture. You will play a critical role in ensuring ongoing compliance with regulatory, industry, and internal security requirements.
What You’ll Be Doing
Coordinate & monitor IT processes & policies to ensure compliance with the IT Act, regulatory bodies (e.g., RBI, SEBI, etc.), DPDPA guidelines, global standards such as ISO 27001 and SOC 2, and other applicable laws related to Technology. This includes working closely with internal & external stakeholders across: - Access Management
- Change Management
- Incident Management
- Backup and Recovery
- Business Continuity Planning and Disaster Recovery
- Data Security
- Other Information Security Controls
- Own and lead external information security audits end-to-end, including planning, coordinating with internal teams, driving evidence collection, facilitating auditor discussions, managing observations, overseeing remediation, and ensuring timely closure.
- Conduct vendor risk assessments and ensure vendors meet the organization's internal security requirements before onboarding or during annual due diligence cycles.
- Assist in updating and improving current processes & policies based on evolving regulatory requirements relevant to our business.
- Interfacing with external auditors and ensuring all Infosec audits go smoothly including coordinating with internal teams, evidence collection, observation discussion, remediation planning etc.
- Evaluate internal information security requirements such as data sharing with third parties, reviewing contracts/agreements for information security clauses, and ensuring risks are identified and mitigated.
- Lead or support organization-wide IT and Infosec process improvement initiatives.
- Lead or support in the organization’s continuous external certification and compliance efforts, including SOC 2, ISO 27001, and regulatory audits.
What We Look For In You
- 3+ years of experience in Information Security, including experience as a SPOC or lead for Infosec audits, preferably in the financial services sector.
- Demonstrated experience owning external audits end-to-end, with strong capability in audit planning, coordination, and closure.
- In-depth knowledge of technology, security, risk, and compliance best practices.
- Strong ability to effectively communicate and interface with both technology and business teams.
- Detailed understanding of IT General Controls (ITGCs) and their implementation.
- Good understanding of security monitoring, threat intelligence, and vulnerability management processes.
- A self-driven attitude with a strong sense of ownership and the ability to independently drive tasks to completion.
- Having experience following audits would be a big plus.
- RBI / SEBI audits
- GDPR / DPDPA / Any Data Privacy audits
- SOC2 / ISO27001 audits
- CSCRF audits
- Statutory Audit
About Smallcase
At smallcase, we are changing how India invests. smallcase is a leading provider of investment products & platforms to over 10 million Indians. We're a young, driven team of 250+ headquartered in Bangalore. smallcase was founded in July 2015 by three IIT Kharagpur graduates, Vasanth Kamath, Anugrah Shrivastava and Rohan Gupta.smallcase has been focused on offering innovative investing experiences & technology. Our platforms are used by over 300 of India's largest financial brands and most respected institutions. We are backed by world-class investors including top-tier funds, institutions and operators from the capital markets space who believe in our mission of enabling better financial futures for every Indian.
Life at smallcase
We are not just building a business, we are making a long-lasting impact both in the wealth & assets landscape with our unique technology & expanding ecosystem. Over the last 9 years, our team, products, and platforms have grown and so have our ambitions.Innovation remains at the heart of what we do. Our other core values are transparency, integrity & long-term thinking. Our key asset has always been our people, and we empower individuals to build and do some of the best work in their lifetimes at smallcase. Flexibility, ownership and constant feedback loops are some of the ways we keep evolving the working environment.Skills: rbi,iso,gdpr,cscrf audits,dpdpa,sebi,soc,statutory audit
