Information Security Specialist, İstanbul | Koç Kariyerim

About

The role is responsible for ensuring that information security processes are aligned with standards, legal requirements, and industry best practices; analyzing and reporting the security, performance, and risks of Information Technology systems and processes in alignment with corporate objectives, and planning improvement actions accordingly. The position is also accountable for enhancing communication between business units and Information Technologies, identifying needs, proposing and tracking development initiatives, and carrying out corporate information security and awareness activities.

Job Description

• Manage and coordinate penetration testing, vulnerability management and cyber threat intelligence processes; track required mitigation actions and report outcomes.
• Monitor information security incident management and breach notifications; support analysis activities and the execution of preventive measures.
• Collaborate with IT and other business units to improve security standards and ensure that security requirements are integrated into infrastructure and project designs.
• Manage relationships with security vendors, including procurement, licensing and contract coordination.
• Monitor, control and report on technologies such as DLP, data classification, PAM, SIEM, SOC and IDM.
• Manage all risk assessment activities conducted by IT; define risk mitigation strategies and follow up on their implementation.
• Coordinate internal and external audits related to information technology and information security, track audit findings and support remediation projects.
• Ensure that information security policies, procedures and guidelines are kept up to date.
• Monitor relevant legal requirements, regulations and compliance obligations and implement necessary updates.
• Prepare, track and report information security awareness programs.
• Perform periodic controls under the scope of information security management and take necessary actions.
• Play an active role in business continuity and disaster recovery activities and coordinate related tests.
• Ensure the IT Service Desk is structured in accordance with ITIL processes; support its management and continuous improvement.
• Provide guidance and coordination in the creation and maintenance of service catalogs; definition and update of SLA/OLAs; and clear identification of service scopes and expectations.
• Ensure regular monitoring, measurement and reporting of SLA performance and manage improvement actions.
• Support the execution of incident management, request fulfillment, problem management and change management processes for IT services.
• Conduct process maturity assessments to improve IT service quality and actively participate in improvement projects.
• Support the operation of IT asset management and configuration management processes.

• Bachelor’s degree from a four-year university program (preferably in ComputerEngineering, Software Engineering, or Information Technologies).
• Minimum 3 years of experience in information security.
• Strong written and verbal English proficiency.
• Proficient in information security processes and practices; closely follows emerging technology trends.
• Knowledgeable in identity management, account and access security (PAM, IAM, IDM).
• Experienced with Security Operations Center (SOC) processes, operations and technologies (SIEM, SOAR, event monitoring and incident response).
• Skilled in security products and technologies such as firewalls, IPS, EDR, web security, cloud security, DLP, data discovery, data classification and vulnerability scanning tools.
• Strong understanding of network security processes and methodologies.
• Possesses strong communication, coordination, monitoring and problem-solving skills; analytical and proactive.
• Experienced in standards such as ISO/IEC 27001, COBIT, ITIL, CIS and KVKK.
• Preferably holds a recognized information security certification (ISO 27001 Lead/Internal Auditor, CISA, CRISC, CISM, CISSP, ITIL, etc.).
• Experienced with ticketing and ITSM tools (ServiceNow, Jira Service Management, 4Me, ManageEngine, Ivanti, etc.).
• Capable of designing processes, improving operational workflows and maintaining strong documentation discipline.
• Experienced in the software development lifecycle (SDLC) and application security (DevSecOps, SAST/DAST, OWASP, etc.).
• Able to travel and work flexibly for audit and project activities.