Information Security Specialist

Tüpraş

Tüpraş is looking for an Information Security Specialist for Cyber Security and Risk Department located in Head Office, Körfez/Kocaeli  

QUALIFICATIONS 

 • Bachelor degree or above in the field of information systems and technologies, engineering, MIS, other technical departments 

• Strong understanding of information security principles, practices and frameworks 

• Good verbal and written English communication skills 

• Being an Agile minded team player, having good communication skills 

• Motivated for strong problem solving, proactive and analytical skills 

• Effective communication skill • Minimum 5 years of experience in relevant positions 

• Knowledge of information security principles, including data classification, data privacy, data protection, threat and vulnerability management, incident response, identity and access management, cloud security concepts and standards compliance (ISO 27001, ISO 22301, ISO 27019, GDPR, KVKK, EPDK, ITIL, BTK etc.) 

• Knowledge in security tools and products, including SIEM, URL Filtering, Firewall, IPS/IDS, Vulnerability Scanners, EDR, Sandbox etc. 

• Knowledge of new security trends (security analytics, SOAR, AI, Elastic search, UEBA, Cyber intelligence service etc.) 

• Good knowledge and experience on information risk management & assessment, current security controls and defining new controls and solutions 

• Preferably having related certifications (CISSP, CISA, CISM, ISO 27001, CRISC, etc.) 

• For male candidates, military service must be completed or postponed for at least two years  

JOB DESCRIPTION 

• Perform on ISMS requirements (ISO 27001) 

• Build & execute IS security processes, RACIs, KPIs, procedures, guidelines and ensure relative awareness of all involved stakeholders 

• Establish IT quality management program, define and measure metrics and KPIs 

• Execute information security internal audits according to the annual audit plan  

• Evaluate the efficiency, effectiveness and adequacy of internal control environment for both IT and OT systems 

• Manage the data security and privacy solutions according to legal and local requirements 

• Design data leakage detection/prevention rules and create a strategy to analyze/report the related incidents to the management 

 • Lead and coordinate other IT departments in terms of information security standards/laws/regulations and industry best practices 

• Communicate with the relevant unit responsible to review the status of the previous risks, corrective action plans and action's completed time 

• Responsible to ensure that the information security compliance is considered in projects, initiatives, new implementations and operational tasks 

• Manage the information security incidents by identifying risk/trends and taking corrective actions with other responsible teams 

• Establish Information Security awareness program and execute the program across the company 

• Carry out basic ITIL processes (Incident, Problem, Request, Change, Event, Configuration etc.)