Information Security Specialist (Remote)

DeFacto Perakende Ticaret Anonim Şirketi

World of added values – DeFacto!

A Happiness Manager and a team which care about, solely work for your happiness… In other words +1 happiness!

A healthy life with a permanent sports trainer, fitness center and a quality life consultant… In other words +1 health!

If you fulfill the qualifications and basic functions, then come and Join DeFacto, come and bring +1 value to your life as well as ours and let’s Sprint to Future together!

Qualifications:

• Bachelor’s degree in relevant fields,
• Minimum 2 years of experience in IT related roles,
• Experience or understanding of security principles on application software development lifecycle,
• Know-how on security compliance and risk subjects,
• Knowledge and experience in basic security technologies, solutions and services such as SIEM, Firewall, WAF, IDM, DLP, PAM, URL Filtering , IPS, EDR, Antivirus, Data Classification, Data Discovery, Database Security, Web/Mobile Security Test Tools.
• Technical knowledge and experience for security, network, server & storage environment.
• Prepare/supports documentation of equipments and services according to company PCI-DSS, ISO 27001, ISO 27701, KVKK, GDPR etc. policies.
• Experience with SIEM tools and concepts
• Preferably holding related certifications is a plus. (CISSP, CEH, CISA, ISO 27001 LA etc.)
• Excellent communication capability,
• Good command of English,

Basic Functions:

• Managing the IT security framework, processes and security strategies in complying with DeFacto Group standards,
• Participating in all IT related audits and track the corrective actions for all IT risks and audit findings,
• Establishing and implementing the IT Risk Management business framework, related policies, and procedures,
• Assisting the Internal Audit Team related to IT General Controls reviews,
• Advising stakeholders on establishing and maintaining effective, compliant and secure IT systems and on implementing (IT or business) controls to limit the impact of existing and emerging technology risks,
• Defining security standards for infrastructure, devices, and applications,