QUALIFICATIONS AND JOB DESCRIPTION
World of added values – DeFacto!
A Happiness Manager and a team which care about, solely work for your happiness… In other words +1 happiness!
A healthy life with a permanent sports trainer, fitness center and a quality life consultant… In other words +1 health!
If you fulfill the qualifications and basic functions, then come and Join DeFacto, come and bring +1 value to your life as well as ours and let’s Sprint to Future together!
Qualifications:
- Bachelor’s degree in relevant fields,
- Minimum 2 years of experience in IT related roles,
- Experience or understanding of security principles on application software development lifecycle,
- Know-how on security compliance and risk subjects,
- Knowledge and experience in basic security technologies, solutions and services such as SIEM, Firewall, WAF, IDM, DLP, PAM, URL Filtering , IPS, EDR, Antivirus, Data Classification, Data Discovery, Database Security, Web/Mobile Security Test Tools.
- Technical knowledge and experience for security, network, server & storage environment.
- Prepare/supports documentation of equipments and services according to company PCI-DSS, ISO 27001, ISO 27701, KVKK, GDPR etc. policies.
- Experience with SIEM tools and concepts
- Preferably holding related certifications is a plus. (CISSP, CEH, CISA, ISO 27001 LA etc.)
- Excellent communication capability,
- Good command of English,
Basic Functions:
- Managing the IT security framework, processes and security strategies in complying with DeFacto Group standards,
- Participating in all IT related audits and track the corrective actions for all IT risks and audit findings,
- Establishing and implementing the IT Risk Management business framework, related policies, and procedures,
- Assisting the Internal Audit Team related to IT General Controls reviews,
- Advising stakeholders on establishing and maintaining effective, compliant and secure IT systems and on implementing (IT or business) controls to limit the impact of existing and emerging technology risks,
- Defining security standards for infrastructure, devices, and applications,