Koc Finansman A.S.
Information Security Manager
Koc Finansman A.S., Turkey, 11 hours ago
Full-time, Information Technology

About the Role

We are seeking an Information Security Manager who will play a key role in shaping and implementing our company’s security strategy. This position requires both technical expertise and governance capabilities, ensuring compliance with regulatory requirements (BDDK, KVKK, NIST, CIS) while managing security technologies, processes, and audits. The role will collaborate closely with IT, software, legal, and infrastructure teams to strengthen our security posture and support our digital transformation journey. This position reports directly to the R&D Director and focuses on process management rather than direct team management.

Responsibilities

Security Strategy & Governance

  1. Define, implement, and maintain the company’s information security strategy
  2. Develop security policies aligned with BDDK regulations, NIST, CIS benchmarks, and other global best practices
  3. Lead security awareness activities, including internal trainings and communication campaigns
  4. Manage regulatory, internal, and holding-level audits, including evidence preparation, coordination, and closure of findings
  5. Coordinate Business Continuity and Disaster Recovery (DR) testing, reporting results to senior management
  6. Oversee IT governance, policy, procedure, and documentation updates

Security Operations & Tools

  1. Manage endpoint, data, and database security solutions (EDR, DLP, Guardium, Titus, NAC)
  2. Ensure security of DevOps/Kubernetes environments with tools like Twistlock and Fortify
  3. Track IT asset inventory (servers, user devices, routers, switches, software compliance, etc.) with systems like Asset Explorer and Jamf Pro
  4. Oversee vulnerability management (Nessus, Endpoint Central) and ensure timely remediation
  5. Administer MDM solutions for user devices and mobile security

SOC / SIEM Monitoring

  1. Monitor and manage SIEM processes (QRadar)
  2. Ensure proper collection of server logs (Windows/Linux) and healthy agent operations
  3. Collaborate with KoçSistem SOC for rule creation, alert definitions, and monthly review meetings

Testing & Risk Management

  1. Organize and coordinate penetration testing for applications, projects, and systems before go-live
  2. Follow up on findings from Red Team tests conducted by the Holding, ensuring mitigation actions are taken
  3. Support risk assessments, impact analyses, and business continuity planning

Compliance & Data Protection

  1. Support KVKK processes in collaboration with the legal team, including data processing inventory, VERBIS registration, and annual updates
  2. Manage routine data disposal and incident response coordination in case of a data breach
  3. Ensure compliance with GDPR/KVKK technical and administrative safeguards

Vendor & Procurement Management

  1. Participate in security budget planning, procurement, and vendor management processes
  2. Conduct product research, POCs, proposal evaluations, and contract follow-ups
  3. Manage supplier due diligence processes (Koçdiligence) and license/service renewals
  4. Oversee IT contract management and ensure seamless coordination with the Legal Department

Qualifications

  1. Bachelor’s degree in Computer Science, Engineering, or related field
  2. 3–5 years of experience in information security, IT risk, and/or cybersecurity roles
  3. Hands-on experience with SIEM, SOC monitoring, and vulnerability management tools
  4. Familiarity with endpoint and data security solutions (SIEM, EDR, DLP, MDM, MAM, Guardium, Titus, NAC, etc.)
  5. Understanding of DevSecOps concepts and security in containerized environments (Kubernetes, Twistlock, Fortify)
  6. Knowledge of regulatory frameworks and standards (NIST, BDDK, KVKK, GDPR, CIS)
  7. Strong communication, coordination, and problem-solving skills

Why Join Us

  1. Work in one of the largest financial services technology ecosystems in Turkey
  2. Take part in projects where security, compliance, and innovation are top priorities
  3. Collaborate with cross-functional teams in an environment that embraces digital transformation and cutting-edge technologies
  4. Opportunities for professional development, certifications, and exposure to new-generation security tools
  5. Be part of a five-star certified Agile organization
  6. Be part of a certified Best Employer company


“You can find your rights arising from the processing of your personal data under the Personal Data Protection Law No. 6698, along with detailed information on this subject, in our privacy notice at https://www.kocfinans.com.tr/tr/kariyer/kocfinansli-olmak.”
