Security, Risk & Control Specialist / Senior Specialist

getirfinans operates within Banking as a Service model, having established partnerships with players at banking sector.

What You’ll Be Doing

• Perform technology, cybersecurity and information risk assessments for new and existing products, services, vendors and projects, using industry-recognized frameworks (NIST, BRSA, KVKK etc.).
• Design, implement and periodically review internal controls to reduce or eliminate identified security and operational risks, including definition of key risk indicators (KRIs) and control testing plans.
• Lead and coordinate Business Continuity Management (BCM) activities: Business Impact Analysis (BIA), business continuity, crisis management procedures and regular tests/exercises.
• Assess the security and risk posture of digital banking and fintech applications to satisfy Information Security requirements and regulatory expectations (BRSA, NIST, KVKK, etc.).
• Collaborate closely with IT, Product, Operations and other business units to embed risk and security controls into the change and project management lifecycle.
• Support and deliver security & risk awareness programs to strengthen the overall risk culture across the organization.

What You’ll Bring

• Minimum 4 years of experience in Information Security, Technology Risk Management, IT Audit and/or Operational Risk (preferably in banking or fintech).
• Proven experience in performing technology/cybersecurity risk assessments, designing and testing controls, and managing compliance with relevant frameworks and regulations (e.g. BRSA, KVKK, ISO 27001, NIST).
• Solid knowledge of Cybersecurity and Information Security risk assessment methodologies and internal control concepts (e.g. control design, effectiveness testing, KRIs).
• Strong analytical, documentation and communication skills; ability to translate regulatory and security requirements into practical, business-friendly controls.

Diversity makes us stronger. Our diverse cultures, backgrounds, beliefs, values, abilities, and lifestyles help us learn from each other. We’re proud to strive for a genuinely diverse and inclusive workplace. We know we can do better though. That’s why we hire and promote people with equity and equality in mind.

We will process your personal data as part of our recruitment procedures. To find out more, please consult our Candidate Privacy Notice.