Istanbul, Türkiye
• Own and manage end‑to‑end ITGC engagements in Non‑FSI organizations, with a strong emphasis on SAP‑based IT control environments, ensuring consistent delivery across control design, walkthroughs, and testing activities. • Act as a SAP ITGC subject matter contributor and primary point of contact, supporting teams and clients on control interpretation, testing approaches, remediation strategies, and ongoing stakeholder communication throughout engagements. • Manage and coordinate project teams and engagement planning activities, including task allocation, deliverable reviews, timeline management, and resource planning to ensure effective execution across multiple concurrent workstreams. • Drive continuous improvement and data‑driven decision‑making, enhancing ITGC methodologies and working practices while generating insights on team productivity, utilization, and overall delivery efficiency.
• Manage the administration of the CrowdStrike EDR product, including advanced configuration, deployment, and continuous monitoring. Leverage my CrowdStrike Certified Falcon Administrator (CCFA) certification to optimize threat detection and response capabilities, which significantly enhances our organization's overall security posture. • Lead the proof of concept (PoC) processes for various security solutions, assessing their viability and compatibility with existing systems to ensure robust protection. • Provide support to team members on various security products, including Proxy, DLP, SIEM, PAM, and DAM, even in areas where I am not the primary owner, fostering a collaborative security environment. • Actively work to raise awareness of information security across the organization, promoting best practices and encouraging a culture of security mindfulness. • Participate in the security assessment processes for third-party vendors, ensuring that they meet our security standards and requirements.
• Perform third party security assessment on pre procurement phase. • Planned and responsible for internal and external IT audit activities such as Big4 audit, PCI DSS audit etc. • Follow up security related tasks that are conducted by application security team and also external penetration test reports • Created and maintened policy and procedures for IT security activites.
• ING Global Minimum Standards implementation for Security Monitoring activites • Internal and External IT Governance Audits Facilitations "SOX , Cobit ext." • Perform control compliance check for IT assets accordingly IT minimum standards • Perform both local and global interdisciplinary teams for mitigation of IT risk issues • Being a part of governance and risk activities of penetration testing, TSCM, vulnerability management
Identifies and evaluates IT and business risks across a complex and distributed computing environments • Provides both IT and business process assurance services • Conducts planning, coordination, performance and reporting of IT general controls and business process controls • Preparation of Audit planning memo’s and/or scope letters • Assessing key controls in terms of control design adequacy and controls effectiveness • Assessing business processes (financial and operational) in line leading, practice, as well as ability to identify gaps in processes • Preparation of Audit findings, and the discussion of these with key client personnel • Utilization of the existing ERP systems as well as the design and maintenance of queries for the preparation of analysis and the identification of audit-specific key data • Identifying key risks and controls, controls optimization, including the configuration of controls around security, business process and within IT environments