If you want to be a part of the Tüpraş family, let's get to know each other better.
Who We Are?
Tüpraş is Türkiye’s leading energy producer and largest industrial company. With its four refineries located in İzmit, İzmir, Kırıkkale and Batman totalling to 30 million tons of annual crude oil processing capacity, Tüpraş is the 7th largest refining company in Europe. It is also one of the most complex refining companies in the Mediterranean basin. In addition to refining, Tüpraş operates with its subsidiaries, (OPET) focusing on fuel retail, (Ditaş Denizcilik) marine transportation, (Körfez Ulaştırma) railway transportation (Tüpraş Trading Ltd) crude oil and oil products trading and (Entek Elektrik) electricity generation. In 2021 The company launched its Strategic Transition Plan alongside its goal to become Carbon Neutral by 2050. In 2022, Tüpraş established its corporate venture capital arm, Tüpraş Ventures to invest in, partner with and support technology startups in its strategic focus areas, as well as energy transition solutions. (For further information on Tüpraş Strategic Transition Plan and focus business areas: Strategy - Tüpraş (tupras.com.tr)
What You’ll Do?
- Leading information security projects under their responsibility.
- Coordinating the organization's information security strategy initiatives.
- Providing information security consultancy and monitoring in projects and processes managed by other business units.
- Performing tasks within the annual PDCA (Plan-Do-Check-Act) cycle as part of the ISO 27001 Information Security Management System.
- Managing maturity analysis projects within the scope of other IT security quality regulations, standards, and frameworks (e.g., ISO 22301/2000/31000, SANS, NIST, Cobit, KVKK, GDPR, ITIL) and designing additional compliance controls as needed.
- Preparing and delivering presentations for the Information Security Committee and management review meetings, as well as following up on decisions and actions.
- Leading information security awareness efforts and designing and managing social engineering tests and campaigns.
- Working closely with Internal Audit, Risk Management, and Compliance teams to coordinate internal and external audit activities within the organization and monitoring action plans and management reporting.
- Fulfilling reporting and follow-up requirements within the scope of information security incident management and case analysis processes.
- Conducting log monitoring and review activities related to information security breaches and data security.
- Exploring improvement opportunities to address deficiencies in security strategies by reviewing information security best practices.
- Managing IT governance, risk, and compliance processes and leading automation transformation efforts.
- Establishing an IT internal control compliance program, monitoring it periodically, and delivering management reports.
- Providing process support in IT quality and ITIL processes.
What We Look For?
- Graduated from quantitative departments such as Computer Engineering, Software Engineering, Electrical-Electronics Engineering, Mathematics Engineering, etc.
- Minimum of 5 years of experience in different areas and roles within IT security.
- Proficient in written and spoken English.
- Able to think analytically, enjoy research, demonstrate an agile approach, possess strong communication skills, and have a high level of representation capability.
- Solution- and result-oriented, with a preference for working in a planned manner.
- Adaptable to multitasking and skilled in prioritizing work.
- Strong understanding of risk and control concepts.
- Knowledgeable, and preferably experienced, in information security requirements, governance, and best practices.
- Actively involved in transformation/implementation projects within frameworks and standards such as ISO 27001, ISO 27019, ISA-99/IEC 62443, COBIT, NIST SP 800-82, CIS, SANS, and other IT/OT security frameworks/standards/regulations.
- Experienced in data classification, data security, threat and vulnerability management, cyber incident management, and cloud security standards.
- Preferably holds internationally recognized certifications in various areas of information/cybersecurity (e.g., CISA, CISM, ISO 27001, ITIL-F, COBIT-F).
- Adaptable to a fast-paced and agile work culture.
- Great problem-solving, communication, and interpersonal skills.
- Thriving by different perspectives and showing flexibility.
- Having an analytical, innovative mindset, and taking initiative.
- A great team player with a go-getter attitude.
What’s In It For You?
- Trainings for technical and behavioral development under the leadership of Tüpraş Academy.
- Koç Academy training and development programs.
- Opportunity for rotation within Tüpraş and other Koç Group companies.
- Koç Ailem: Opportunity to benefit from a special privilege platform for Koç employees.
- Opportunities to take part in future-oriented work such as initiatives and innovation projects developed with agile approaches.
- Employee experience practices that focus on continuous improvement.
How will you be notified about the progress of the application process?
We will notify you by email at the end of each step. Therefore, we kindly ask you to actively check the mailbox (including junk/spam/junk folders) of the e-mail address you applied to.
*The only criterion evaluated in recruitment and employment is suitability for the job; equal opportunity is provided without any discrimination.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Intermediate Analyst, ICS Cybersecurity
2026-06-17
Engineering Manager
2026-06-16
Engineer, Projects (Technical Projects Department - GO)
2026-06-18
- Posted
- Jul 04, 2025
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Istanbul
- Company
- Tüpraş
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Intermediate Analyst, ICS Cybersecurity
2026-06-17
Engineering Manager
2026-06-16
Engineer, Projects (Technical Projects Department - GO)
2026-06-18