Istanbul, Istanbul, Türkiye
Currently I hold:
- Lead IT Banking Auditor
- Former PCI QSA
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Data Privacy Solutions Engineer (CDPSE)
- ISO 27001:2022 Lead Auditor
- TSE D1-D2 Lead DDO Auditor
I have successfully established a cybersecurity firm that prioritizes comprehensive risk management and compliance solutions.
• Conducted PCI DSS, Cobit, DORA, ISO 27001 and GDPR audits, ensuring clients meet regulatory requirements and enhancing their security frameworks.
• Led Enterprise Architecture, AI Transformation, Technology Transformation and Business Alignment projects.
• Led incident response efforts that minimized data breach impacts, achieving a 95% resolution rate within critical timeframes.
• Provided managed security services, including vCISO and vDPO roles, to support clients in navigating complex security landscapes.
• Responsible for leading the Cybersecurity Department, divided into 4 teams.
• Responsible for providing services:
  o Data Protection and Privacy Services
  o Cyber Engineering Services
  o Cyber Testing Services
  o Industrial Control Systems Services
• Re-structured the department, providing more services in technical Cyber areas.
• Lead global projects in Cyber Program assessment, Cyber testing and Cyber implementation competencies.
• Lead multinational teams and resources in Cyber projects.
We are providing services in terms of Compliance & Governance, IT Capabilities and Infrastructure. As an authorized PCI QSA Company, Mazars Denge can perform authorized PCI DSS audits with Turkish PCI QSA. Mazars Denge is one of the seven authorized BRSA Independent Auditor Companies.
- BRSA Audit BRSA Banking Audit Payment Certification Audit Risk Center Audit
- PCI DSS Services PCI DSS Onsite Audit (Authorized) PCI DSS Gap Assessment PCI DSS Consultancy PCI DSS SAQ Form Filling PCI DSS Training
- COMPLIANCE AND GOVERNANCE Cobit 5 PCI DSS 3.2 ISO 27001:2013 NIST Cyber Security KVK BRSA & ITI
- IT CAPABILITIES Security Management Infrastructure Management Data Management Server Management Service Management IT Strategy Management
- INFRASTRUCTURE Asset Security Architecture Network and Data Center Security Devices Servers Databases
- Coordinating PCI DSS Audits and Consultancy
- Managing IT Consultancy Projects
- PCI DSS, IT Consultancy and Security Product Presales
- Assessing client environments and advising them on issues of risk, security and compliance
- Consulting with clients on high-level strategic initiatives as well as highly-technical and detailed regulatory compliance projects
- PCI Data Security Standard (DSS) Qualified Security Assessor and Consultant
- Provide consultancy for security products
- Security process improvement
- Security training
- Assessing client environments and advising them on issues of risk, security and compliance
- Consulting with clients on high-level strategic initiatives as well as highly-technical and detailed regulatory compliance projects
- PCI Data Security Standard (DSS) Qualified Security Assessor and Consultant
- Provide consultancy for security products
- Security process improvement
- Security training
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
• Develop and enhance an information security management framework based on the following: Payment Card Industry Data Security Standard (PCI DSS), International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST).
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
• Develop and manage information security budgets, and monitor them for variances.
• Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.