Information Security Risk & Governance Specialist Job Posting
About the Employer
QUALIFICATIONS AND JOB DESCRIPTION
Work on the definition of risk and information governance policies.
Identify risks in the treatment of information that may compromise the Information Security of the corporate assets, through the analysis of processes / projects / systems.
Manage regulatory compliance, especially KVKK (GDPR), audits and policy compliance.
Ensure that there is an appropriate information security culture throughout the company.
Carry out the analysis of the processes and identify risks in the critical assets of the company.
Proactively manage information security risks, propose corrective measures for identified risks.
Coordinate the implementation of the information risk operating model in the company.
Execute the Information Security training and awareness plan.
Provide support to the business areas in terms of privacy.
Consolidation of metrics and KPIs related to the effectiveness of the controls associated with the reported risks.
Supervise compliance with the Business Continuity processes defined for critical information assets.
Work closely with Bupa in matters of risk management and information governance.
Security assessment of critical suppliers of the company.
Ensure that the governance of information is carried out according to the standards and policies defined by the company, Bupa and regulatory bodies.
Consolidation of metrics for the periodic report to Bupa on the degree of compliance with the Information Security policies under the responsibility of information security.
3+ years information security and/or related technology experience and track record in information security and risk management.
Bachelor's degree, preferably in computer science or engineering.
Knowledge and experience in Cybersecurity, IT and Governance frameworks such as ISO 27001/27002, NIST, SOX, PCI/DSS, GDPR, KVKK, COBIT, ITIL.
Solid knowledge of security principles and practices.
Practices and methods of IS strategy, enterprise architecture and security architecture.
Excellent verbal and written communication skills in English.
Knowledge and experience in the following topics are desired:
Windows and Linux based operating systems
Network protocols, routing and switching
Firewalls, IDS/IPS, WAF, EDR and SIEM
Vulnerability management and threat management
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials is desired.
Experience in developing, documenting and maintaining security procedures.