Istanbul, Istanbul, Türkiye
I am a cybersecurity professional with 14+ years of experience in security architecture, compliance, and operations. I have led large-scale projects covering KVKK, PCI-DSS, ISO 27001, and worked closely with regulators such as BDDK, SPK, and SEDDK. My background combines deep technical expertise in infrastructure and operations with leadership in governance and risk management. I focus on building resilient, compliant, and business-aligned security programs.
I am part of the team involved in the establishment phase of the bank. Installing and managing security systems and products to ensure corporate security. Firewall management, IPSec, IPS, IDS, WAF, DLP, Proxy, Data Classification, SIEM, MDM, EPP, NAC, Vulnerability Management Creating and updating information security policies, procedures and process documents and submitting them to the Board of Directors for approval. From an information security perspective, to actively contribute to and support BS risk management studies in terms of the classification of information assets and confidentiality, integrity, and accessibility criteria for information assets. To monitor compliance with the legislation, standards, policies, procedures, and process documents of the Banking Supervision and Regulatory Agency of the Republic of Turkey. Contribute to the definition of information security requirements for major projects and changes. To comply with and monitor information system security regulations, inform senior management about information system security risks and management. Establishing policies to respond to cyber incidents, ensuring that necessary actions are taken within the framework of the policies, and ensuring communication with institutions such as BDDK and USOM within the framework of sectoral SOME. Performing vulnerability scans, information security controls and penetration tests or having them performed by the necessary units. To coordinate the employees reporting to him/her, to distribute tasks by taking into account their competencies, to monitor the fulfilment of their duties and responsibilities and to be responsible for their quality and timely fulfilment. Making the necessary arrangements for the preparation of the budget of the Directorate and monitoring compliance with the budget.
Oversee information security programs, including data protection, risk management, and compliance testing. Improve current compliance programs and processes. Develop, review, and modify information security and privacy policies. Design and conduct audit procedures to assess company compliance with security policies and procedures. Evaluate security incidents for violations of privacy principles or legal standards. Manage compliance testing and monitoring of present and future regulatory commitments, including the Sigortacılık ve Özel Emeklilik Düzenleme ve Denetleme Kurumu (SEDDK) in the insurance and private pension industry. Conduct internal security risk assessments and security compliance audits. Develop IT security audit procedures that align with KVKK (Turkey's GDPR), PCI-DSS (Payment Card Industry Data Security Standard), and other applicable regulations. Coordinate third-party audits. Develop policies, plans, and strategies to ensure compliance with laws, regulations, policies, and standards supporting organizational cybersecurity activities. Collect, analyze, and create reports for senior management, regulators, and other stakeholders. Document, investigate, and report cybersecurity compliance incidents and issues as needed. Collaborate with business leaders to review information security risk findings and implement effective solutions. Understand, develop, and deliver detailed reports on program status and conformity to frameworks and standards, including COBIT and ISO 27001. Take charge of identifying and resolving risk and compliance issues in collaboration with relevant stakeholders. Create and manage a vendor security and compliance program. Support the sales team in responding to RFPs and security questionnaires while keeping a record of security and compliance RFP responses.
Develop and implement security policies, standards, and procedures to maintain ongoing security. Additionally, oversee information security risk management and maintain global user awareness programs utilizing the latest security trends and topics. Also, ensure compliance with evolving laws and regulations such as PCI DSS, KVKK (Turkey's GDPR), and ISO/IEC 27001 Turkish Republic Presidential DDO.
Monitor, analyze, and troubleshoot network performance for the organization's LANs, WANs, and wireless deployments. Ensure stable network operation and optimize performance for the company. Install, configure, and maintain all network hardware and equipment such as routers, switches, firewalls, content filters, WAN optimizers, and other related devices. Respond to incoming calls, trouble tickets, and emails to resolve connectivity issues on the network. Practice effective network asset management, which involves creating and maintaining an accurate inventory of network components. Configure and implement Cisco switches, routers, and wireless LAN controllers for optimal network performance. Implement Checkpoint firewall solutions to safeguard against potential network security threats. Install and configure Palo Alto firewall solutions to enhance network security. Deploy Blue Coat proxy solutions to regulate user access to the internet. Implement Websense for enhanced web security.