Original listing text, shown exactly as published by the company.
What You Will Do
- Drive the implementation, maintenance, and continuous improvement of the ISO 27001 Information Security Management System (ISMS), including control maturity tracking and audit readiness
- Support SOC 2 Type II compliance efforts, including control implementation, evidence collection, and audit coordination
- Conduct and document internal audits, manage findings, and follow up on remediation plans across teams
- Own and evolve the company-wide risk management program, including risk register, scoring methodology, risk acceptance, and exception processes
- Provide governance and security oversight for AWS environments, including cloud security posture, access controls, and configuration baselines
- Collaborate with Red Team and Blue Team to track, prioritize, and close technical security findings
- Maintain, update, and enforce security policies, standards, and procedures across the organization
- Design and execute security awareness and training programs tailored to different roles (engineering, ops, business)
- Lead third-party/vendor security assessments, including risk evaluation, tiering, and continuous monitoring
- Support and coordinate security incident handling, reporting, and post-incident review processes
- Contribute to data protection and privacy governance (KVKK, GDPR), including DPIA processes and data lifecycle management
- Drive AI / LLM governance practices, including secure usage policies, data exposure controls, and risk assessments for AI tools
- Act as a security consultant to business units and engineering teams, supporting secure architecture, design reviews, and risk-based decision making
- Contribute to security architecture and design review processes, including threat modeling and secure design guidance
- Coordinate and enhance business continuity and disaster recovery (BCP/DR) processes, including testing, documentation, and continuous improvement
What You Will Need
- Strong knowledge of ISO 27001, ISMS processes, internal audits, and control frameworks
- Hands-on experience with risk management practices, including risk identification, scoring, and mitigation tracking
- Experience in Business Continuity Management (BCM) and disaster recovery planning
- Solid understanding of AWS services and cloud security governance, including IAM, logging, and baseline hardening
- Familiarity with the SOC 2 Type II framework and control domains
- Understanding of data security concepts, including data classification, data inventory, and data protection mechanisms
- Experience with vendor security and third-party risk management processes
- Knowledge of privacy regulations such as KVKK and GDPR, including practical implementation
- Familiarity with AI/LLM risks and governance concepts is a strong plus
- Strong documentation and reporting skills for audits, compliance, and executive visibility
- Experience in responding to customer security questionnaires and audits
Soft Skills & Expectations
- Strong analytical thinking and ability to assess both technical and business risks
- Ability to take ownership of security domains and drive initiatives end-to-end
- Excellent written and verbal communication skills in English
- Strong collaboration skills with both technical (engineering, DevOps) and non-technical teams
- Ability to understand and communicate the business impact of security decisions
- Capable of evaluating the security posture across cloud, application, endpoint, and data layers
- Comfortable acting as a trusted advisor and consultant to internal stakeholders
- Proactive mindset with a focus on continuous improvement
Additional Expectations
- Willingness to provide on-call support for security-related incidents when necessary
- Ownership of security projects from planning to execution and closure
- Ability to track, validate, and close findings from audits, pentests, and internal reviews
- Experience working with ticketing systems (Jira, etc.) to manage security tasks and follow-ups
- Actively contributes to team collaboration, knowledge sharing, and process improvement
- Ability to communicate clearly with internal teams, auditors, and external stakeholders
- Maintains a positive and solution-oriented mindset in a fast-paced environment