Bilgi Güvenliği Müdürü

We are looking for an "Information Security Manager" for our company, which is a leader in the mobile application industry.

Job Description:

Develop and implement the company's information security strategy and architecture,

Design and maintain enterprise security architecture aligned with business and compliance requirements, (e.g., Zero Trust, defense-in-depth)

Coordinate Red Team and Blue Team activities and develop effective defense mechanisms against security threats,

Lead threat modeling, security design reviews, and architecture risk assessments for critical systems,

Manage compliance processes and conduct audits within the scope of PCI DSS, ISO 27001, and relevant regulations,

Oversee secure design and integration of cloud, on-premises, and hybrid environments,

Manage the cybersecurity incident response process and continuously improve detection and response capabilities,

Organize internal training sessions to enhance security awareness across departments,

Keep track of security technologies and threat trends to implement best practices within the company,

Manage vendor security assessments and third-party risk management processes,

Provide architectural guidance on security controls for applications, APIs, data flows, and infrastructure.

Requirements:

Bachelor’s or Master’s degree in Information Security, Computer Engineering, or a related field,

At least 5 years of experience in Red Team, Blue Team, and GRC, (Governance, Risk, Compliance)

Hands-on experience in designing secure architectures for complex IT environments, including network segmentation, identity federation, and encryption strategies,

Strong knowledge of PCI DSS, ISO 27001, and other industry-standard frameworks, (e.g., NIST, CIS)

Familiarity with cybersecurity threats, attack techniques, and defense methods,

Experience with enterprise security tools and technologies, (e.g., SIEM, Firewall, EDR, DLP, CASB, WAF, IAM)

Ability to manage security architecture documentation and review processes,

Strong analytical thinking, problem-solving, and crisis management skills,

Preferably holding security certifications such as CISSP (with ISSAP/ISSEP), SABSA, TOGAF Security, CISM, OSCP, or CEH.