Information Security Manager

Requirements

• 7+ years of experience in information security management, ideally within a regulated financial institution (financial services, banking, or payments)
• Relevant certifications, such as CISM, CISSP, ISO 27001 Lead Implementer
• Knowledge of BDDK BS regulation, KVKK, ISO 27001, PCI-DSS, and COBIT
• A university degree in computer engineering, information systems, or related field
• Expertise in managing outsourced IT and InfoSec services
• Experience delivering localised IT and InfoSec policies aligned with regulatory standards
• Excellent stakeholder management and communication skills

What you'll be doing

• Classifying information assets according to security requirements and maintaining detailed asset and data inventories
• Developing, implementing, and regularly updating information security policies, procedures, and standards in line with regulatory requirements (BDDK, ISO 27001, PCI-DSS)
• Establishing identity authentication mechanisms and network security control systems according to regulatory standards
• Protecting confidential information and managing limited access permissions for third-party service providers and vendors
• Establishing and managing cyber incident response processes
• Identifying, assessing, and prioritising information security risks across systems, networks, and data assets while monitoring mitigation controls
• Overseeing periodic vulnerability assessments and penetration tests and tracking the remediation of identified weaknesses
• Ensuring full alignment with BDDK's IT regulations, KVKK, and other applicable frameworks while supporting regulatory audits
• Designing and testing business continuity and disaster recovery plans to ensure operational resilience
• Conducting information security awareness activities, including bulletins, communications, and regular phishing simulation tests
• Providing regular reporting to the board, senior management, and regulatory bodies regarding security posture and control effectiveness