Job description
About the Team
At Trendyol Tech, our mission is to create a positive impact in our ecosystem by enabling commerce through technology. We solve complex problems with data, creativity, and agility — always driven by real outcomes. With a culture built on learning, collaboration, and ownership, we grow together while building what’s next.
About the Role
As the Head of Information Security, you will lead security architecture, governance, risk management, and compliance initiatives while embedding security-by-design principles across technology and business teams. Working closely with senior stakeholders, you will strengthen the organization’s security posture and foster a strong security culture in a fast-paced environment.
Responsibilities
- Define and lead the overall security risk, compliance, and governance strategy aligned with organizational objectives and regulatory requirements.
- Establish and continuously evolve enterprise-wide frameworks, policies, and standards covering information security, risk management, compliance governance, and control monitoring.
- Provide strategic leadership across security engineering, risk management, and compliance teams, ensuring alignment between operational execution and long-term organizational goals.
- Oversee regulatory compliance programs (e.g., GDPR, PCI-DSS, ISO 27001, SOX, local regulations) and ensure audit readiness and sustainable control environments.
- Drive enterprise risk assessment processes, define risk appetite in collaboration with senior leadership, and oversee mitigation strategies.
- Partner with executive stakeholders, including Engineering, Product, Legal, Internal Audit, and senior business leaders, to embed security and governance practices into business operations.
- Lead third-party risk management, vendor compliance programs, and external regulatory relationships where applicable.
- Define KPIs, metrics, and maturity models to measure the effectiveness of security and governance programs and drive continuous improvement.
- Foster a strong security culture through awareness initiatives, training programs, and proactive communication across the organization.
- Define and drive the enterprise-wide data security strategy, ensuring robust safeguards for sensitive information across cloud services, applications, and endpoints.
- Lead the security architecture and design of the company's projects, initiatives and infrastructures.
- Build, mentor, and scale high-performing teams while establishing strong leadership pipelines.
Expected Qualifications
- Bachelor’s or Master’s degree in Information Security, Engineering or a related field.
- Minimum 10 years of experience in information security, compliance, governance, or risk management roles, including significant leadership experience.
- Proven track record of building and scaling enterprise security governance frameworks and compliance programs.
- Proficiency in security design and architecture.
- Significant experience in data security such as data leakage prevention and data classification.
- Deep understanding of regulatory environments and standards such as ISO 27001, GDPR, PCI-DSS, SOX, or similar.
- Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer) are preferred.
- Strategic thinker with the ability to influence and guide decision-making at the executive level.
- Excellent leadership, communication, and stakeholder management skills.
- Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies.
- Fluency in English (written and verbal).
This job post has been translated by AI and may contain minor differences or errors.