Istanbul, Türkiye
Bringing two decades of cybersecurity expertise across professional services, telecom, financial, and energy sectors. Demonstrated leadership as Chief Information Security Officer (CISO), showcasing critical capabilities in cyber strategy, risk management, regulatory compliance oversight, and the establishment of robust cybersecurity frameworks. CISO leadership included driving initiatives that enhanced organizational resilience, fortified data security, and ensured compliance with industry standards. Proficient in key domains, with a focus on Information Security Management System (ISMS), Business Continuity Management System (BCMS), and GDPR compliance for personal data protection.

Regulations and Standards:
- ISO 27001 | Information Security Management System
- ISO 22301 | Business Continuity Management System
- PCI DSS | Data Security Standard
- PCI PTS | PIN Transaction Security
- KVKK | Turkish Data Protection Law & Regulations
- BTK | Turkish Information and Communication Technologies Authority information security regulations
- BDDK | Banking Regulation and Supervision Agency information security regulations
- COBIT

Processes:
- Cyber Security Risk & Compliance Management
- Log Management, Log Monitoring & Security Operations Center (SOC)
- Security Incident Management
- Identity and Access Management
- Vulnerability Management
- Supplier Audits
- Information Security Awareness
- Change Management
- Performance Monitoring & Management
- Balanced Scorecard methodology
- Process Development and Improvement

Data Security:
- Data Classification and Labelling solutions
- Data Loss Prevention solutions
- Identity and Access Management solutions
- SIEM & SOC Processes
- Mobile Device Management Solutions

Quality Management Systems:
- ISO 27001 Lead Auditor
- ISO 22301 Lead Auditor
- ISO 20000 Internal Auditor
- ISO 9001 Internal Auditor
- ISO 14001 Internal Auditor
- ISO 18001 Internal Auditor
- EFQM Total Quality Management System
Lead and oversee the execution of the cybersecurity strategy and programme to protect PwC Turkey from cyber threats and foster business growth by enabling the achievement of business targets and objectives.
Responsible for ensuring ERGO Turkey's compliance with information security and business continuity regulations, implementing the risk and control governance framework, defining the cyber security strategy, and improving the security and business continuity maturity of the company.

Compliance Management
Responsible for ensuring the company's compliance with the following regulations and standards:
- ISO 27001 Information Security Management System compliance
- ISO 22301 Business Continuity Management System compliance
- KVKK Turkish Personal Data Protection Law compliance
- PCI DSS Payment Card Data Security compliance

Governance, Risk & Control
- Perform gap assessments, initiate gap-closing actions and perform action follow-up
- Regularly measure control effectiveness and compliance level with regulations, and perform compliance reporting
- Perform regular reporting to top management regarding the existing risk levels, the mitigation action plan and outstanding risk items affecting the security posture of the company

Cyber Security Strategy
- Define the cyber security road map of the company; determine critical cyber security initiatives and projects
- Initiate cyber security projects and provide guidance to implementation teams
- Define requirements and provide status reporting to management
- ISO 27001 compliance at Vodafone Turkey
- ISO 27001 compliance at partners: Vodafone Net, Vodafone Northern Cyprus
- PCI DSS compliance
- Compliance with BTK information security and privacy regulations
- Information security risk management
- Information security awareness trainings
- Balanced Scorecard, effectiveness management
- Privacy management
- Supplier and partner information security audits
ISO 27001 ISMS
- ISO 27001 ISMS implementation
- Defining information security policies and standards
- Information security risk and compliance management
- Performing information security awareness trainings
- Leading information security event management
- PCI PIN Security compliance management
- Leading Key Management activities
- Leading Data Classification Project
- Leading IDM Project
- Leading Identity and Access Management activities
- Administering Symantec DLP (Data Leakage Prevention) system
- Administering Symantec Data Insight (File Activity Manager)
- ISO 27001 ISMS implementation and certification
- ISMS Manager
- ISO 9001, 14001, 18001 internal auditor
- EFQM Quality Management System assessor
- Content manager of corporate website, intranet and corporate blog