QUALIFICATIONS AND JOB DESCRIPTION
This position is responsible for identifying, evaluating and reporting on information security and business process risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
This position requires leadership with mastery of information security technologies, an understanding of data security and privacy, and a compliance approach.
This position is responsible for implementing processes and actions to protect data security and privacy.
He or she is responsible for the implementation of processes and actions to maintain PCI DSS, ISO 27001 and KVKK compliance.
Manage the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
Apply metrics to measure, monitor and report on the effectiveness of information security controls and compliance with information security policies.
Identifying security risks, creating and monitoring an action plan to eliminate risks
Maintaining ISO 27001 compliance and periodic audits and controls within this scope
Maintain corporate level certification standards (PCI DSS)
Development of processes and action plans to ensure the highest level of data security
Providing support for the management and implementation of projects to ensure data security
Consultancy on architecture and security requirements of cloud and internal applications
Improving processes for identity and access management
Management of the KVKK compliance program and the projects implemented within this scope
Responsible for providing periodic and effective user awareness programs
Reporting on defined IT / Business privacy and security metrics
Desired Skills and Experience
Excellent written and verbal communication skills
Proficiency in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Must be a critical thinker, with strong problem-solving skills.
Project management skills
Knowledge and understanding of relevant legal and regulatory requirements, such as PCI DSS, ISO 27001, KVKK and BDDK regulations
Preferably have CISSP, CISM, CRISC certifications