Internal Controller

İngenico Ödeme Sistemleri A.Ş.

We are looking for an Internal Controller who is reporting to the Group Internal Control and ORM Director, that ensure the implementation and effective operation of the Internal Control framework within Turkey entity.

Main responsibilities are detailed below:

Permanent controls

• Design with 1st line of Defense the Permanent controls to implement to mitigate their risks

• Coordinate with Internal Control team to standardize and get homogenized permanent controls within the Group and to enforce them inside Group Policies & Procedure

• Ensure regular review of permanent controls

• Build KPIs and reports to escalate conclusions of permanent controls completion to Top Management

IT

• Provides objective evaluations of security controls, mechanisms and goals in comparison to best practices.

• Ensures policies, procedures, standards, and system configurations are documented and tracked

• Recommends, manages, and implements required changes to IT control & risk & security policies and procedures.

• Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations

• Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

Operational Risk Management

• Support the mapping of Operational Risks (in relationship with ERM team)

• Deploy the approach and methodology for ORM to increase Risk awareness in Turkey entity Compliance

• Ensure that all compliance policies and procedures are in place and up-to-date

• Develop and oversee control systems to prevent and deal with violations of regulatory requirements and internal policies

• Promote, in collaboration with other departments and functions, a strong compliance culture within the organisation, including through training and communication programmes

• Monitor regulatory developments and best practices and provide ongoing advice and analysis on the regulatory landscape relevant to the organisation

• Act as the point of contact regarding data protection matters 

• Regularly report to Chief Group Compliance Officer on key matters

Qualifications:

• IT audit / security certification(s): CISA, CISM, CRISC CISSP etc.

• Min. 5 years’ experience in IT audit, IT risk management, compliance or control

• Knowledge on frameworks such as COBIT, PCI, ITIL, ISO27001, ISO22301, ISO2000 etc.

• An understanding of operational risk management and implementation in practice or have a strong interest to develop expertise in this area

• Experience in data analysis and presentation of results (MS Excel, MS PowerPoint)

• A great communicator, able to interact with stakeholders at all levels in multiple locations

• Able to multitask, work on different projects in parallel and drive things forward

• Able to surface and address issues, control deficiencies and emerging risks

• Able to provide practical solutions to sustainably remediate and minimize risks and control deficiencies

• Able to work with tight deadlines

• Fluent in English and Turkish

This description of responsibilities and missions is non exhaustive. It may be amended from time to time

based on the business needs