Information Security Engineer - Governance

Responsibilities

• Development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security, risk, and compliance.
• Good knowledge of operating systems, network infrastructure, firewalls, and database security,
• Identifying security risks, creating and monitoring an action plan to eliminate risks
• Maintaining KVKK, GDPR, PCI-DSS, ISO 27001, BDDK, TCMB and ETK compliance and periodic audits and controls within this scope. Also, help the Technology team in the phase of implementation of these regulations.
• Taking part in periodic and effective user awareness programs
• Helping to reduce information security risks generated inside Trendyol 
• Monitor and manage the security risks coming from third parties
• Conduct technical reviews for new features and identify security, privacy, and compliance risks. Work closely with technical and non-technical teams, including Engineering, Product and Legal in order to mitigate security, privacy and compliance risks.
• Fluency in English

Expected Qualifications

• 5+ years of experience in security
• Proficiency in developing information security policies and procedures
• Proven records of executing programs that meet the objectives of excellence in a dynamic environment
• Play a key role in driving large cross-company security, privacy, and compliance reviews of products and features.
• Being a critical thinker, with strong problem-solving skills and also having project management skills
• Manage information security related incidents,
• Knowledge and understanding of relevant legal and regulatory requirements, such as PCI-DSS, KVKK, GDPR, TCMB, and BDDK regulations
• Having CISSP certification
• 2+ years of experience with Security Risk Management and Banking regulations
• Having experience with coding and system design review