Information Security Specialist

Sisal Sans, established in partnership with Sisal S.p.A and Demirören Holding, is an organization that provides services in both the retail and digital sectors, authorized to carry out the games of chance in Turkey for 10 years in 2020.

We are looking for an Information Security Specialist for our company, leading in Turkish gaming industry. The position reports to the Head of Information Security.

A brief job description of the position and preferred qualifications for the suitable candidates are defined below:

The ISSS is the person to ensure all the activities pertaining to protecting the confidentiality and integrity of the clients, employee, and any other related business data that is of great significance to the organization.

Essential Duties

• Monitoring regulations

-Monitor ISO 27001 & WLA SCS regulations to ensure that the compliance program is kept updated.

-Work closely with Compliance Team to monitor compliance with legislation provisions and documents related to information security

• Information Security Risk management

-Involves in risk definitions and assessment process within directives of his/her director in line with ISO 31000 standard.

• Information Security Governance

-Oversee and guide all the activities which falls within the Information Security Governance reference, within directives of Head Information Security in particular:

-Provides training to the new trainees and providing general oversight to all the business partners, employees, alliances, etc., to ensure appropriate information security clearance

-Provides details regarding the current security procedural and technological developments and any other related issues.

-Performs and/or involves internal and external audits to maintain security certifications,

-Prepares internal audit reports.

• Operations

-Manages PAM systems,

-Reviews firewall rules,

-Performs whitelisting, checks endpoints against vulnerable versions of the whitelisted applications. Reports unlisted applications

-Manages e-mail archiving system

-Manages DLP system

• Management Systems Governance

-Manage and perform certification processes of current ISO 9001, ISO 22301, ISO 27701, ISO 37001, ISO 37701 management systems and the ones will be obtained in future

-Prepare and update required documentation for related management systems

-Perform internal audit processes for mentioned systems,

-Perform non-conformity processes and follow-ups audit results,

-Provides training to the new trainees and providing general oversight to all the business partners, employees, alliances, etc., to ensure management system requirements are met,

-Follows changes on management systems standards.

-Manages administrative and operative activities on company document management systems,

Skills and Qualifications

• Well-spoken and written English,
• Bachelor's degree in computer science or any other relevant field,
• Deep knowledge of ISO27001 and related standards. Holding a valid ISO27001 Internal Auditor certification,
• Deep knowledge of ISO27701, ISO 22301, ISO 9001 standards. Holding a valid Internal Auditor certification,
• Hands on experience on managing QDMS platform,
• Hands on experience managing VATOS DLP system,
• Hands-on experience managing CyberArk PAM
• Deep knowledge of DLP, NAC, PAM & firewall concepts,
• Completion of CISSP, CISM, CISA, etc., would prove to be an added advantage.

“Suitability for the job is the only criterion evaluated in the recruitment and employment. We provide candidates with equal opportunity without any discrimination.”

“Please refer to https://sisalsans.com/tr/internal-kvkk to review our enlightenment notice on processing personal data pursuant to Law No. 6698 on Protection of Personal Data.”