Information Security Governance Expert (Halkalı Office)

Who We Are?

We are the technology leader of the aviation and air cargo industry in Turkey! We are an innovative and successful team that does not fit into the mold, constantly enlarges its target and pushes the standards in global competition...

We design and develop technology with the spirit of R&D, where human, engineering and software are the most perfect components. We use trend technologies such as big data, cloud computing, artificial intelligence, fintech, cybersecurity and blockchain which we can compete in the sky. We move forward confidently and successfully with the power of our knowledge and experience into the future.

Obviously, We don't dream too much as “what will happen in the future?”, because we are designing the future from today...

We are a strong team of more than 1700 valuable talents that shed their minds in offices equipped with modern technology in Istanbul, Ankara and Izmir. Team play is our favorite system! We focus on the same goal – winning – and continue to work together with the motivation to achieve this.

If you want to have your name in the success story of a globalizing company, we look forward to your application to the winners team!

About the role: Information Security Governance Expert

We are seeking an Information Security Governance Expert to join our team to ensure the effective implementation and continuous improvement of our information security governance processes, provide security assessments for ongoing projects, and contribute to the sustainable enhancement of our corporate information security culture.

In this role, you will be responsible for developing, implementing, and maintaining information security processes, as well as supporting technical security evaluations in areas such as application security, cloud security, and API security.

Key Responsibilities:

• Design, implement, and continuously improve information security governance processes in line with national and international standards (ISO 27001, ISO 22301, ISO 27701, NIST, etc.).

• Conduct security assessments and risk analyses of new and existing projects, providing security consultancy to project teams.

• Review the security architecture of internally developed and purchased applications, define security requirements, and ensure security controls throughout the development lifecycle.

• Define security requirements for cloud environments (IaaS, PaaS, SaaS) and support the design of architectural and operational security controls.

• Analyze security risks in API security, container security, and microservice architectures, and propose appropriate solutions.

• Support the execution of corporate security operations (vulnerability management, access management, incident management, etc.) and ensure process integration.

• Prepare, update, and manage the distribution of information security-related documents, such as policies, procedures, guidelines, and processes.

• Actively participate in internal and external audits, track findings, and follow up on remediation actions.

Qualifications:

• Bachelor’s degree in Computer Engineering, Electrical and Electronics Engineering, Information Systems, or related fields.

• Advanced knowledge and hands-on experience in information security management systems and frameworks (ISO 27001, ISO 22301, ISO 27701, NIST, COBIT, OWASP, etc.).

• Experience in managing information security risk and conducting risk assessments.

• Strong understanding of the secure software development lifecycle (SSDLC), with experience in secure development practices and DevSecOps methodologies.

• Knowledgeable in the security architecture of web, mobile, and API applications, with experience in threat modeling.

• Familiarity with security principles for major cloud service providers (AWS, Azure, Google Cloud, etc.).

• Experience in container technologies (Docker, Kubernetes, etc.) and securing microservice architectures.

• Strong skills in developing and managing information security documentation (policies, procedures, guidelines, and processes).

• Awareness of cybersecurity threats, vulnerabilities, and current attack techniques, with the ability to follow the latest developments in the field.

• Preferred certifications: CISSP, CCSP, CISM, or similar.

• Strong analytical thinking, problem-solving skills, and excellent communication abilities.

• Fluent in written and spoken English.

Benefits Of Working With Us

In addition to having the opportunity to grow and be challenged, and to be part of a life, our people enjoy a range of rewarding benefits:

• Flexible working arrangements, generous personal, parental and cultural leave
• Competitive remuneration
• Free and subsidized health and wellbeing services
• Discounts on a wide range of products and services
• Career development opportunities
• A buddy who will guide and accompany you during your onboarding process
• A great number of online courses and technical trainings that will support your development
• Personalized development plan for you
• Using CED & Pass Flight for travelling experience with your family
• Support payment for childcare

Be Yourself

We value the unique backgrounds, experiences and contributions that each person brings to our team and encourage and celebrate diversity.

If you would like to get to know more about Turkish Airlines Technology, please follow us on Instagram and LinkedIn;

https://www.instagram.com/turkishairlinstechnology/

https://www.linkedin.com/company/thyteknoloji/