Merve Karamanlı

Expert Security Engineer

Istanbul, Türkiye

About

Experience

  • Garanti BBVA Teknoloji (Full-time · 3 yrs 4 mos)
    • Expert Security Engineer
      May 2024 - Present · 2 yrs 2 mos

      Data And Infrastructure Solutions Information Security:
      • Ensuring the follow-up of information security events
      • Monitoring information security issues in projects according to BDDK (Banking Regulation and Supervision Agency (BRSA)), PCI-DSS and security standards
      • Supporting security controls during audit processes
      • Producing and following up on new projects to ensure internal security
      • Securing critical customer and corporate data through encryption, tokenization, and DLP (Data Loss Prevention) solutions
      • Optimizing infrastructure security and access management processes
      • Establishing and managing information and event activities within the scope of cyber security awareness activities according to Zero Trust approach
      • Managing and optimizing processes through internally developed record-keeping systems to ensure efficiency, compliance, and traceability in all security operations such as local admin right, access and exception management etc.
      • Managing third-party/internal project and application tools security evaluation and risk management processes according to banking requirements and standards
      • Fulfilling responsibilities and compliance with regard to data security
      • Conducting hardening control activities within the scope of information security
      • Working on information security requirements in projects carried out together with BBVA
      • Following the latest technological developments to ensure information security
      • Mentoring next-generation security engineers and fostering knowledge sharing
      • Collaborating with cross-functional teams to raise security awareness

    • Senior Security Engineer
      Mar 2023 - May 2024 · 1 yr 3 mos

  • Cyber Security Governance Senior Specialist at Vodafone
    Oct 2022 - Feb 2023 · 5 mos

    • Managing Information Security System (ISO 27001) and Digital Transformation Office of the Presidency of Turkey audits
    • Ensuring internal information security is up-to-date by performing interim audits
    • Performing internal audits
    • Performing risk management for cyber security process via Archer GRC
    • Follow-up of cyber security risk management forms via Archer GRC
    • Follow-up of compliance documentation
    • Follow-up of ISMS documentation process
    • Management and follow-up of local admin rights
    • Establishing local admin right restriction and monitoring process via CyberArk EPM

  • Information Security Specialist at Invicti Security
    Mar 2021 - Oct 2022 · 1 yr 8 mos

    • Establishing and managing Information Security System (ISO 27001), General Data Protection Regulation (GDPR), Personal Data Protection Law (KVKK)
    • Establishing and managing SOC 2 (Type I and Type II) compliance
    • Protection of Personal Data
    • Ensuring compliance with Business Continuity
    • Follow-up of compliance documentation
    • Performing vulnerability scanning tests and ensuring their follow-up (ManageEngine Vulnerability Manager Plus)
    • Ensuring pentest and closing the gaps
    • Ensuring the follow-up of information security events
    • Ensuring internal information security is up-to-date by performing interim audits
    • Performing internal audits
    • Providing physical training on Information Security and Protection of Personal Data, planning, monitoring and measuring results of interim training with the digital application tool
    • Monitoring information security issues in projects
    • Follow-up of applications to be taken to ensure internal compliance, control of functionality and adequacy of existing applications (Microsoft Defender for EDR, Alert Logic for MDR, Thycotic for PAM, VMP for Vulnerability Management and Rapid7 for SIEM)
    • Fulfilling responsibilities and compliance with regard to data security
    • Monitoring the reporting of alarms of in-house applications (Microsoft Defender for EDR, Alert Logic for MDR, Thycotic for PAM, VMP for Vulnerability Management and Rapid7 for SIEM)
    • Ensuring that the alarms of Information Technologies products are turned off in order to ensure the applications and technical operations used within the company
    • Following the latest technological developments to ensure information security
    • Producing and following up on new projects to ensure internal security

  • Information Security Specialist at Acunetix by Invicti
    Mar 2021 - Oct 2022 · 1 yr 8 mos

  • Risk Assurance Services Consultant at PwC
    Sep 2019 - Mar 2021 · 1 yr 7 mos

    My primary responsibilities have included evaluating the design and operating effectiveness of business and IT processes regarding the COSO framework and developing and executing test plans to assess the operating effectiveness of both IT and business process controls for large and complex IT environments.
    • Internal audit advisory projects
    • Audit support and process audits
    • IT general control audits for various clients in manufacturing, construction, retail, energy, and financial sectors (leasing, insurance, investment companies).
    • Experience in performing internal audit assessments and IT general control audits at clients who are using the SAP system.
    • Experience in performing internal audit assessments and IT general control audits in the banking sector.