Türkiye
With 10+ years of experience in information security, currently serving as Head of Engineering in Information Security at Trendyol Group, I contribute to securing digital ecosystems through strategic leadership and technical expertise. My work focuses on building resilient security frameworks, empowering teams, and fostering a robust cybersecurity culture within the organization. Passionate about implementing effective security measures, I collaborate with cross-functional teams to mitigate risks and ensure compliance with industry standards. Dedicated to aligning security initiatives with organizational goals, I aim to provide secure and scalable solutions that support business growth.
• Lead 5 specialized security teams (Security & Risk Management, Data Security, Security Architecture & Engineering, IAM, and Privileged Access Management) to define and execute the organization’s security vision, strategy, and long-term roadmap.
• Oversaw security governance across data protection, identity, architecture, and operational risk, ensuring alignment with engineering, product, and business priorities.
• Established Security KPIs/KRIs and maturity metrics to measure progress, drive accountability, and continuously improve the organization’s security posture.
• Directed cross-functional initiatives to embed secure-by-design practices into engineering workflows, guiding architectural decisions, application security baselines, and platform-level controls.
• Strengthened data protection capabilities by maturing classification, discovery, DLP, and data lifecycle governance; ensured standardization of asset security models across the organization.
• Led enterprise-wide IAM and PAM strategy, including identity lifecycle governance, RBAC/ABAC model design, access policy standardization, and privileged account security controls.
• Oversaw risk management programs including regulatory compliance (ISO 27001, GDPR/KVKK, PCI DSS, SOX, etc.), third-party risk, cyber risk assessments, and business continuity initiatives.
• Partnered with senior leadership to align security outcomes with business objectives, manage resource planning, and steer multi-year security transformation programs.
• Enabled operational excellence by guiding roadmap execution, unblocking delivery challenges, optimizing team workflows, and ensuring transparent communication with executives and stakeholders.
• Built a high-performing security organization through coaching, role clarity, capability development, and the creation of scalable processes for decision-making and prioritization.

• Led end-to-end security initiatives across data protection, access governance, vulnerability management, and compliance, ensuring alignment with organizational security goals.
• Coordinated comprehensive risk assessments for systems, applications, and third parties, improving remediation speed and overall risk posture.
• Strengthened organizational defense posture by coordinating Red Team exercises, managing Blue Team response improvements, and maturing detection capabilities.
• Oversaw end-to-end incident management processes, ensuring rapid triage, effective containment, and cross-functional post-incident learning.
• Oversaw development and enhancement of core security policies and standards, including identity governance, data security, secure design, and operational controls.
• Directed implementation and maturity efforts for DAM, data classification, and discovery capabilities to strengthen sensitive data protection.
• Guided evaluation, rollout planning, and security integration activities for CASB, improving cloud visibility and protection coverage.
• Enhanced detection and response capabilities by maturing logging, monitoring, DLP, endpoint protections, and incident readiness processes.
• Standardized identity lifecycle processes and strengthened privileged access management practices across diverse environments.
• Supported and coordinated major compliance workstreams such as PCI DSS, ISO 27001, GDPR/KVKK, and SOX, ensuring audit readiness and closure of key findings.
• Led strategic security initiatives including cyber risk insurance readiness, vendor risk assessments, and cross-team remediation programs.
• Built organization-wide security awareness by running training cycles, partnering with engineering teams, and driving secure-by-design adoption in projects.

• Supported PCI DSS compliance activities across multiple business units and contributed to overall audit readiness.
• Performed secure code analysis and coordinated vulnerability scanning, reporting, and remediation follow-up.
• Managed log standardization efforts and contributed to improving operational visibility.
• Supported DLP-related work, including product evaluation and planning for implementation.
• Conducted risk assessments using both initial and updated methodologies and contributed to third-party risk evaluations.
• Participated in KVKK/GDPR alignment efforts, maintained the personal data inventory, and completed required regulatory submissions.
• Reviewed and restricted database access for sensitive environments and contributed to improvements in authorization structures.
• Supported identity governance initiatives aimed at strengthening access control practices.
• Coordinated penetration testing activities and contributed to incident response planning and readiness.
• Contributed to security awareness initiatives and to the improvement of internal documentation and processes.

• Supported information security requirements by reviewing project designs for alignment with security expectations.
• Conducted vulnerability scans using Nessus and contributed to follow-up actions and reporting.
• Assisted in DLP monitoring and web filtering to ensure secure operations.
• Participated in customer and bank audits by preparing documentation and supporting compliance activities.
• Helped develop and deliver basic security awareness efforts and contributed to general security operations.

• Conducted internal control reviews adhering to COBIT guidelines, emphasizing user access management and DS10 controls.
• Documented control gaps and actively supported remediation efforts to enhance governance and operational reliability.
• Evaluated processes to ensure alignment with internal policies and compliance expectations, contributing to improved IT governance.

• Supported audit and assurance work within Risk Assurance Services at PwC.
• Assisted in documentation, testing steps, and process evaluations to enhance team efficiency.
• Gained valuable exposure to risk-focused assessment practices in a corporate environment.