We are looking for a “Risk and Governance Specialist” for our consultancy project.

Qualifications

• 3+ years information security and/or related technology experience and track record in information security and risk management,
• Bachelor's degree, preferably in computer science or engineering,
• Knowledge and experience in Cybersecurity, IT and Governance frameworks such as NIST, ISO 27001/27002, SOX, PCI/DSS, GDPR, KVKK, COBIT, ITIL,
• Solid knowledge of security principles and practices,
• Practices and methods of IS strategy, enterprise architecture and security architecture,
• Excellent verbal and written communication skills in English,
• Knowledge and experience in the following topics are desired,
• Windows and Linux based operating systems,
• Network protocols, routing and switching,
• Firewalls, IDS/IPS, WAF, EDR and SIEM,
• Vulnerability management and threat management,
• Professional security management certification, such as a CISA, CISM, ISO27001 LA or other similar credentials is desired,
• Experience in developing, documenting and maintaining security procedures.
• Strong analytical and problem-solving skills,

Job Description

• Work on the definition of risk and information governance policies,
• Identify risks in the treatment of information that may compromise the Information Security of the corporate assets, through the analysis of processes / projects / systems,
• Manage regulatory compliance, especially KVKK (GDPR), audits and policy compliance,
• Ensure that there is an appropriate information security culture throughout the company,
• Carry out the analysis of the processes and identify risks in the critical assets of the company,
• Proactively manage information security risks, propose corrective measures for identified risks,
• Coordinate the implementation of the information risk operating model in the company,
• Execute the Information Security training and awareness plan,
• Provide support to the business areas in terms of privacy,
• Consolidation of metrics and KPIs related to the effectiveness of the controls associated with the reported risks,
• Supervise compliance with the Business Continuity processes defined for critical information assets,
• Work closely with Bupa in matters of risk management and information governance.
• Security assessment of critical suppliers of the company,
• Ensure that the governance of information is carried out according to the standards and policies defined by the company, Bupa and regulatory bodies,
• Consolidation of metrics for the periodic report to Bupa on the degree of compliance with the Information Security policies under the responsibility of information security.