London, England, United Kingdom
Technology risk and assurance professional. So far he has conducted:
- External IT audits (SOX, SOC2, AAF 01/06) for various industries
- IT risk and control assessments for various applications and infrastructure components
- IT risk framework advisory
- IT control assurance for second line of defence
- IT internal audit reviews for FS clients
- Cybersecurity assurance advisory for FS clients
- Third party IT risk assurance
- Data analysis for journal entry testing

Professional certifications:
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Professional)
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CDPSE (Certified Data Privacy Solutions Engineer)
- CIPP/E (Certified Information Privacy Professional/Europe) (Expired)
- CIPT (Certified Information Privacy Technologist)
- Azure Security Engineer Associate (AZ-500)
- Google Cloud - Professional Cloud Security Engineer
- ITILv3 – Foundation
Core Engineering and Cybersecurity
Contracted to Lloyds Banking Group Internal Audit as IT infrastructure SME for more than 1.5 years.
- Self-employed professional, experienced in IT audit, IT security governance, data protection, privacy and IT risk management.
- Worked as IT risk consultant for a GDPR compliance project at Punter Southall Group for 3 months.
- Worked as internal IT audit consultant at Astellas Pharmaceuticals Europe for a global cybersecurity audit engagement and J-SOX ITGC and ITAP quality assurance review for 6 months.
- Worked as ISO27001 compliance consultant for a startup fintech company (Capexmove).
- Worked at Grant Thornton UK as IT audit consultant for internal/external IT audit engagements such as SOC2, AAF 01/06 reporting.
- Performed IT security management consultancy for broadcasting and ISP infrastructure companies, covering areas such as access management, authentication methods, password storage security, network components and database configurations.
- Performed ITGC and application controls for EY financial auditees implementing EY Global Audit Methodology (EY GAM). Applications encountered were generally SAP, mainframes, AS400 and in-house developed applications.
- Performed COBIT 4.1-based IT audits of banks for risk-based COBIT processes (AI2, AI6, AI7, DS2, DS4, DS5, DS8, DS12, DS13, PO2, PO4 and PO9).
- Performed ISO27001 internal audits as a part of ISO27001 compliance projects and reported results to clients and lead auditors.
- Performed assessment and implementation of IT-related matters for the Privacy Act in Turkey, such as configuration of DLP and extracting data inventory from application and infrastructure components.
- Audited electronic communications among POS terminals and servers defined in the regulatory body’s instructions, including software security, change management and business continuity process audits.
- Performed cyber security maturity assessment for a Tier-1 bank in Turkey, focusing on security architecture, security monitoring and incident management, and the software security process.
- Performed IT audits for compliance and sufficiency of the controls environment for 3rd party suppliers of the Turkish Banks, including credit card issuing companies, call center and product development companies.