Istanbul, Istanbul, Türkiye
As a Head of Information Security in large-scale organizations, I transform cybersecurity from a protective function into a strategic growth and innovation driver. I seamlessly coordinate audit, compliance, and management processes across local and global teams, embedding COBIT, ISO27001/20000, and IT governance standards into corporate culture. I lead EDR, XDR, xSOAR, SIEM, and SOC operations, shape pentest and hardening processes, and guide teams on security investments and technology decisions. Acting as a Cyber Security Advisor on critical projects, I align security with innovation and business value. Next goal: CIO / CTO, transforming enterprise technology strategies with security-driven innovation, agility, and sustainable growth.
- Transform information security from a protective function into a strategic growth and innovation driver. - Seamlessly coordinate audit, compliance, and management processes across local and global teams. - Embed COBIT, ISO27001/20000, and IT governance standards into corporate culture. - Lead and optimize EDR, XDR, xSOAR, SIEM, and SOC operations with a strategic vision. - Prioritize pentesting, hardening, and security investments while driving innovative solutions. - Act as a Cyber Security Advisor on critical projects, aligning security with innovation and business value. - Continuously assess enterprise risks and develop proactive security strategies. - Transform audit reports and compliance activities into strategic insights that support executive decision-making. - Represent cybersecurity leadership on national and international platforms through advisory and speaking engagements.
- Effectively manage Information Security, Risk, and Compliance teams, ensuring alignment with organizational goals. - Coordinate audit, management, and compliance activities between local Acibadem Healthcare teams and the global IHH team in accordance with international standards. - Lead the IT audit team, allocating tasks, controlling working papers, and overseeing both internal and external audits, including COBIT, ISO27001, and ISO20000 frameworks. - Oversee EDR, XDR, and xSOAR systems, forming specialized teams and providing technology advisory to optimize security operations. - Manage SIEM log management and SOC teams, ensuring efficient monitoring and rapid incident response. - Plan and execute annual pentest programs, security hardening activities, technology investments, and team training, driving continuous improvement.
- Improve IT processes in line with industry best practices to ensure operational excellence and security readiness. - Manage information security incidents, analyze monitoring results, and implement effective mitigation strategies. - Execute risk-based audit programs and coordinate IT risk management activities across the organization. - Provide technical leadership and security architecture for projects, including Identity & Access Management (IAM). - Design and implement information security policies and processes to strengthen governance and compliance. - Communicate effectively with stakeholders at all levels, aligning cybersecurity initiatives with strategic business objectives.
- Hold ISO/IEC 27001 Lead Auditor (Licence ID: #207268) and lead ISO 20001:2011 projects (Licence ID: #47133), ensuring compliance with international standards. - Record, review, and manage information security risks in accordance with CRISC principles, and coordinate IT risk management processes across the organization. - Evaluate projects from an information security perspective, providing guidance to all units to ensure secure operations. - Design and implement information security policies and processes, aligning governance, compliance, and business objectives. - Audit IT systems, assess outcomes, and ensure adherence to COBIT, PCI, ISO22301, GDPR frameworks, and Turkish banking regulations. - Develop and deliver training programs to enhance information security awareness and skills within the organization. - Monitor and ensure compliance with regulatory obligations, keeping up to date with current IT and cybersecurity legislation. - Leverage in-depth knowledge of security technologies and devices (Firewall, VPN, IPS, WAF, Proxy, SIEM, NAC) and communicate effectively with stakeholders at all levels.
- Provided strategic leadership in security-driven business development, aligning initiatives with international standards and local regulatory requirements (ISO 27001, COBIT). - Advised senior leadership on emerging cyber threats and significant security incidents, translating technical risks into executive-level insights. - Oversaw enterprise-wide incident management, strengthening detection and response capabilities and shaping the organization’s IT Security Plan. - Directed Log Management and SIEM correlation efforts, enhancing threat visibility and proactive defense mechanisms. - Led the security architecture and strategic direction of the Identity & Access Management (IAM) program, including access governance and lifecycle processes. - Championed IT risk management and audit activities, driving continuous improvement through process optimization and system assessments.
- Enhanced IT processes by aligning operations with industry best practices and driving continuous improvement initiatives. - Identified critical IT and security challenges and implemented timely, strategic solutions to strengthen overall system resilience. - Provided leadership in managing complex security infrastructures, including F5, Check Point, Juniper, Fortinet, Websense, Blue Coat, McAfee, Cisco, and Symantec technologies. - Oversaw end-to-end security event management, ensuring effective detection, analysis, and response across the organization. - Defined and governed IAM rules and controls, collaborating closely with operational teams to establish secure and scalable identity practices. - Led the technical strategy and security architecture for the organization’s Data Privacy Program, supporting compliance and safeguarding sensitive data.