Nevzat Yegin

CISO | Cybersecurity Trainer | Framework Developer

Istanbul, Türkiye

About

Cybersecurity executive with 20+ years of hands-on leadership across Turkey's most critical financial institutions — central clearing houses, stock exchanges, payment institutions, and banks.

My career has been defined by building things from scratch. Security functions, compliance frameworks, governance architectures, IT audit units — I've built them all where none previously existed, and most are still in use today.

At Takasbank, Turkey's central clearing and settlement institution, I unified all IT management disciplines onto a single governance platform and managed audits by BDDK, TCMB, SPK, and IOSCO with zero findings. At Finagotech, I currently lead information security and IT infrastructure operations across a multi-entity fintech group — delivering PCI DSS certification in 4 months and managing regulatory audits with zero findings.

Beyond my operational role, I contribute to the profession through university-level cybersecurity education, ITIL and COBIT training delivered across the financial sector — having trained 250+ professionals now active in the industry — and governance framework research published at valuegovernance.com.

Certified CGEIT · CISA · CDPSE · ITIL-MP · PMP · ISO 27001 LA

Experience

  • Finagotech (Istanbul, Türkiye · Hybrid)
    • Head of Information Security & IT Infrastructure (CISO)
      Aug 2025 - Present · 11 mos

      Finagotech is the technology arm of the group, serving Golden Global Bank and Morpara (A Ödeme) as its primary clients. Scope expanded in July 2025 to cover three IT teams — Information Security, Systems/DevOps, and Database Management.
      ▪ Oversee information security and IT infrastructure operations across the group, supported by outsourced infrastructure and operations partners.
      ▪ Led container migration project, transitioning virtual server infrastructure to containerised architecture — improving deployment reliability and scalability.
      ▪ Implemented automated deployment pipeline and DevSecOps practices across Finagotech and Golden Global Bank; integrated SonarQube and COBAS for continuous code quality and security gate enforcement.
      ▪ Launched ITSM platform across the group, standardising IT service delivery, change management, and incident management.

    • Head of Information Security (CISO)
      Jul 2023 - Jul 2025 · 2 yrs 1 mo

      ▪ Led information security strategy and operations for Finagotech, serving group companies Morpara (A Ödeme) and Golden Global Bank as Finagotech's technology arm.
      ▪ Developed and implemented ISO 27001, COBIT, and DORA-aligned security frameworks and policies across the group.
      ▪ Applied SDLC and ITSM best practices to prepare IT departments for regulatory audit readiness.

  • Head of Information Security (CISO) - Group Company Responsibility at Morpara TR
    Jul 2023 - Present · 3 yrs

    Concurrent group responsibility covering Morpara (A Ödeme) alongside primary Finagotech role.
    ▪ Achieved PCI DSS certification in 4 months — from scoping to award — ensuring full payment card data security compliance.
    ▪ Managed TCMB (Central Bank of Turkey) regulatory audit with zero findings.
    ▪ Leading DORA compliance programme, aligning operations with EU digital operational resilience requirements.
    ▪ Currently overseeing GRC system implementation; ISO 27001 certification programme underway.

  • Information Security Consultant at Value Governance
    Mar 2023 - Jul 2023 · 5 mos

    ▪ Delivered GRC system design, information security framework implementation, and cyber resilience strategic planning for financial sector clients.
    ▪ Founder and Lead Architect of the Value Governance Framework (VGF) — a published cybersecurity governance standard integrating ISO 27001, NIST CSF, and COBIT into a unified methodology that enables organisations to systematically improve and measure cybersecurity effectiveness and maturity. Published at valuegovernance.com.

  • Head of Information Security (CISO) at Hedef Yatırım Bankası
    Nov 2022 - Mar 2023 · 5 mos

    Core founding team member; joined during the bank establishment phase before BDDK licence was granted.
    ▪ Built the bank's entire IT and information security infrastructure from zero in 5 months — IT systems secured BDDK regulatory approval without a single issue.
    ▪ Designed and implemented ITIL-aligned enterprise information security architecture; established IT Audit and IT Internal Control functions, authoring 50+ policies, procedures, and job descriptions from scratch.

  • Takasbank - İstanbul Takas ve Saklama Bankası A.Ş. (On-site)
    • Head of Information Security (CISO)
      Nov 2020 - Nov 2022 · 2 yrs 1 mo

      Takasbank is Turkey's central clearing and settlement institution and a Borsa İstanbul Group company — systemically important financial market infrastructure.
      ▪ Achieved ISO 20000-1 certification in 6 months — from scoping to award.
      ▪ Unified all IT management (ITSM, GRC, Project Management, SDLC) onto a single BPMN platform (GoldenHorn) — a model recognised internationally and still in use today.
      ▪ Managed BDDK, TCMB, SPK, ISO 27001, ISO 22301, and IOSCO regulatory audits; conducted COBIT assessments across all three Borsa İstanbul Group companies.
      ▪ Managed global partner audits with HSBC, JP Morgan, Citibank, and Bank of America; received formal written commendation from HSBC UK Head of Security.
      ▪ Designed Takasbank's IT organisational structure — still in use today.

    • Team Leader, Information Security & IT Risk
      Aug 2016 - Nov 2020 · 4 yrs 4 mos

      ▪ Built the Security Operation Centre (SOC) for Borsa İstanbul Group from scratch — SIEM, SOAR, Red Team, and Threat Intelligence across three group entities.
      ▪ Managed Disaster Recovery Centre (DRC) tests for Borsa İstanbul Group, ensuring business continuity across all group companies.
      ▪ Coordinated ISO 27001, ISO 22301, and COBIT audits and penetration tests with international partners including JP Morgan, HSBC, and Bank of America.
      ▪ Managed the security programme for the Nasdaq Genium INet platform across Istanbul Stock Exchange and Clearing House.