Burak DÜNDAR

Head of Information Security & GRC | Cybersecurity Strategy & Leadership | MSc Cyber Security | C|CISO, R|M, CEH, ISO 27001 LA, ISO 31000 LA, CISA

Istanbul, Türkiye

About

Highly accomplished and results-driven Information Security and GRC Executive with over 17 years of experience in leading comprehensive security programs across diverse international and financial sectors. As a trusted advisor to C-level management and boards, I specialize in developing and executing robust security strategies that align with business objectives to protect critical assets and enable sustainable growth.

My expertise is built on a strong foundation of:

  • Information Security Leadership & Governance
  • Cybersecurity Strategy & Operations
  • IT Risk, Audit & Compliance Management
  • Data Protection & Privacy (GDPR/KVKK)
  • Business Continuity & Disaster Recovery
  • Team Development & Vendor Management

I am passionate about building resilient security frameworks and driving secure digital transformation. I have held CISO-level responsibilities across major institutions, including Intertech, Denizbank, and Anadolubank. My focus is on translating complex technical requirements into strategic business solutions.

Experience

  • Head of Information Security at KoçSistem
    Dec 2025 - Present · 7 mos

    Driving enterprise-wide cybersecurity and digital resilience programs at KoçSistem, Koç Dijital and Koç Savunma, operating at CISO level to protect mission-critical systems and enable secure business growth. Advising boards and executive leadership on cyber strategy, enterprise risk management, regulatory compliance, and emerging threat landscapes across complex hybrid and cloud environments. Leading Zero Trust adoption, cyber resilience roadmaps, third-party risk governance, crisis preparedness, and security maturity transformation programs. Positioning cybersecurity as a strategic business enabler—integrating governance, technology, and people to strengthen organizational trust, regulatory confidence, and long-term digital value creation.

  • INTERTECH (Hybrid)
    • Information Security and Risk Manager
      Jan 2022 - Jul 2025 · 3 yrs 7 mos

      Spearheaded and advised on enterprise-wide security strategy, reporting directly to the Board Member and C-level stakeholders to ensure robust security governance and regulatory readiness across Denizbank’s digital banking and fintech ecosystem. Orchestrated the development and maintenance of an ISO 27001-certified ISMS, ensuring continuous compliance with BRSA, KVKK, and global frameworks including PCI-DSS, NIST CSF, and GDPR/DORA. Directed all enterprise-level risk assessments and audit management, leading to improved security posture and proactive mitigation of critical risks across core banking platforms. Pioneered the implementation of comprehensive business continuity, incident response, and user awareness programs to enhance organizational resilience. Collaborated with key business units (IT, Legal, Compliance) to embed security-by-design principles into new digital products and transformation initiatives. Mitigated third-party risk by managing vendor security assessments and ensuring the security of the supply chain.

    • Information Security and IT Risk Team Leader
      Jul 2020 - Jan 2022 · 1 yr 7 mos

      Spearheaded and advised on enterprise-wide security strategy, reporting directly to the Board Member and C-level stakeholders to ensure robust security governance and regulatory readiness across Denizbank’s digital banking and fintech ecosystem.

      • Orchestrated the development and maintenance of an ISO 27001-certified ISMS, ensuring continuous compliance with BRSA, KVKK, and global frameworks including PCI-DSS, NIST CSF, and GDPR/DORA.
      • Directed all enterprise-level risk assessments and audit management, leading to improved security posture and proactive mitigation of critical risks across core banking platforms.
      • Pioneered the implementation of comprehensive business continuity, incident response, and security awareness programs to enhance organizational resilience and security culture.
      • Collaborated with key business units (IT, Legal, Compliance) to embed security-by-design principles into new digital products and transformation initiatives.
      • Mitigated third-party risk by managing vendor security assessments and ensuring the security of the supply chain.
      • Developed and governed internal policies, procedures, and asset classification models that established a single source of truth for the organization's security posture.

  • Information Security & Compliance Leader at Anadolubank
    Jun 2018 - Jul 2020 · 2 yrs 2 mos

    Served as the highest-ranking cybersecurity authority in the organization, reporting directly to the Chief Technology Officer (CTO) and owning all aspects of information security, risk management, and compliance operations across the bank.

    • Pioneered the establishment of the bank’s Information Security Management System (ISMS), guiding its design and execution based on ISO 27001 and COBIT 5 frameworks.
    • Directed all regulatory compliance activities, ensuring full alignment with BRSA, KVKK, and PCI-DSS requirements through robust policy enforcement and governance.
    • Drove a strong security culture through organization-wide training programs, significantly reducing human-related risks and strengthening the security posture.
    • Oversaw end-to-end security operations, including penetration testing, audit planning, and third-party risk management, to proactively manage and mitigate enterprise risk.
    • Played a critical role in aligning business continuity and IT operations with security governance to ensure organizational resilience.

  • IT Security & Governance Senior Specialist at NN
    Dec 2014 - May 2018 · 3 yrs 6 mos

    Served as the sole Information Security Leader for the Turkish operations of NN Group, reporting directly to the global headquarters in the Netherlands. In this capacity, I functioned as the de facto CISO for the local entity, leading all aspects of information security and IT governance.

    • Achieved one of the top 3 compliance scores across 16 NN entities globally, a success officially recognized by headquarters in the Netherlands and a testament to the strength of local security programs.
    • Received three official offers to relocate to the Netherlands to assume a global role, based on my performance and successful collaboration with global teams.
    • Established the foundational information security governance framework for the Turkish business unit, ensuring alignment with international GRC and audit standards.
    • Led the development of robust BCP/DR programs, risk registers, control testing, and policy frameworks to ensure business continuity.
    • Represented the Turkish operation in global security forums, audit committees, and risk boards, demonstrating leadership on an international scale.
    • Contributed to the organization’s enterprise risk management model by laying the groundwork for a long-term cybersecurity strategy.

  • System & Network Specialist at MetLife
    Mar 2013 - Dec 2014 · 1 yr 10 mos

    Responsible for managing IT Management Frameworks, such as overall IT Infrastructure Operations & Projects, and ensuring that all targets are met successfully and on time.

    • Designing ITIL Processes and alignment with MetLife Minimum standards on Local IT Infrastructure Team
    • Coordinate with outsourcing suppliers/Service Providers
    • Providing consultancy for new products & services
    • Financial processes: responsible for managing IT service provider’s budgeting, accounting and charging requirements
    • Measurements of Quality of designed IT Process via monthly process audit
    • Conducting third party security audits
    • Coordinating / performing user reviews
    • Compliance with PCI/DSS requirements
    • Providing support to Business Continuity & Disaster Management System
    • Assist with communicating proactively to end users
    • Collaborate and get involved in Local and Region Office based IT projects
    • Manage enterprise infrastructure systems and design, including leading a team of professionals to manage and operate a complex network, infrastructure and IPT environment.
    • Administers and supports the entire VM Systems of the company (VMware)
    • Manages licenses for all operating system related software and end-user tools/applications.
    • Manages IP Telephony for all Call Center system related software and end-user tools/applications.
    • Prepares detailed network diagrams, documentation and records, and keeps them updated. Reports as needed.
    • Server/Client continuous security patch management and documentation.