Who we are?

We are a consumer finance company with more than 100 employees which provides financing solutions to retail and corporate customers, focusing mainly on automotive sector. Koçfinans was established in 1995 as Turkey's first and leading financing company. We specialize in offering innovative financing solutions, managing funding strategies, and ensuring smooth treasury and banking operations.

About the Role

We are seeking an Information Security Manager who will play a key role in shaping and implementing our company’s security strategy. This position requires both technical expertise and governance capabilities, ensuring compliance with regulatory requirements (BDDK, KVKK, NIST, CIS) while managing security technologies, processes, and audits. The role will collaborate closely with IT, software, legal, and infrastructure teams to strengthen our security posture and support our digital transformation journey. This position reports directly R&D Director and focuses on process management rather than direct team management.

Responsibilities

• Define, implement, and maintain the company’s information security strategy and governance framework
• Develop and manage security policies in line with regulatory and industry standards (BDDK, NIST, CIS, KVKK, GDPR)
• Lead security awareness initiatives, internal trainings, and communication programs
• Manage regulatory, internal, and holding-level audits, including remediation and reporting
• Coordinate Business Continuity and Disaster Recovery (DR) planning and testing
• Oversee security operations, including endpoint, data, database, and mobile security solutions
• Ensure security of DevOps and containerized environments (Kubernetes)
• Manage vulnerability assessments, penetration testing, and Red Team remediation activities
• Monitor and manage SIEM/SOC operations and log management (QRadar)
• Support risk assessments, incident response, and data protection processes
• Manage security vendors, procurement, licensing, and contract coordination with Legal

Qualifications

• Bachelor’s degree in Computer Science, Engineering, or related field
• 3–5 years of experience in information security, IT risk, and/or cybersecurity roles
• Hands-on experience with SIEM, SOC monitoring, and vulnerability management tools
• Familiarity with endpoint and data security solutions (SIEM, EDR, DLP, MDM, MAM, Guardium, Titus, NAC, etc.)
• Understanding of DevSecOps concepts and security in containerized environments (Kubernetes, Twistlock, Fortify)
• Knowledge of regulatory frameworks and standards (NIST, BDDK, KVKK, GDPR, CIS)
• Strong communication, coordination, and problem-solving skills

What We Offer

• Hybrid working model
• Private health insurance
• Flex benefits package
• Agile development teams
• Sports club in campus
• Online psychologist and dietician support
• Birthday leave

“6698 sayılı Kişisel Verilerin Korunması Kanunu kapsamında kişisel verilerinizin işlenmesinden doğan haklarınıza ve bu konudaki detaylı bilgiye https://www.kocfinans.com.tr/tr/kariyer/kocfinansli-olmak adresinde yer alan aydınlatma metnimizden ulaşabilirsiniz.”