Ercument Buyuksumnulu
Senior Consultant, IT and Payment Systems Security at Cyberwise
Experience
-
Cyberwise
-
Türkiye
-
Computer and Network Security
-
200 - 300 Employees
-
Senior Consultant, IT and Payment Systems Security
-
Jan 2019 - Present
Istanbul, Turkey
* Acting as a mentor for the Audit and Consultancy Services Department.
* Handling the quality assurance process for:
  o Payment Card Industry Data Security Standards (PCI DSS) audits,
  o Information Security Management System (ISO27001:2013) Standard audits,
  o SWIFT audits,
  o Personal Data Protection Law (KVKK) audits,
  o IT Security GAP Analysis,
  o Company’s formal IT documentation preparation.
* Giving high-level support to the project teams and making referrals.
* Giving support for consultancy services such as:
  o Payment Card Industry Data Security Standards (PCI DSS) and payment card best practices implementation,
  o Designing, implementing, managing and maintaining information security management systems/services,
  o ISO27001 (Information Security Management System) Standard and implementation,
  o Personal Data Protection Law (KVKK) implementation and readiness,
  o Cyber security controls and services, implementation and management.
* Conducting IT Security audit services within the projects.
* Conducting Supplier Chain IT audit services within the projects.
-
-
-
-
IT and Payment Systems Security Consultant
-
Feb 2013 - Present
Istanbul, Turkey
* Giving consultancy services in expertise areas such as:
  - Payment card industry standards (PCI DSS, PCI SSP (PA-DSS), PCI PTS, PCI 3DS SDK) and payment card best practices implementation,
  - Designing, implementing, managing and maintaining information security management systems/services,
  - ISO27001 (Information Security Management System) Standard and siblings (ISO27002, ISO27003, ISO27004 and ISO27005) implementation,
  - BS25999/ISO22301 (Business Continuity Management) Standard implementation,
  - ICT infrastructure security health check,
  - Cyber security controls and services, implementation and management,
  - Cyber security monitoring and response infrastructures,
  - Cyber incident and information breach management and response,
  - High availability/OLTP technology environments, banking and high volume payment/transaction processing & finance infrastructures,
  - Risk management strategies, implementation and orchestration,
  - System analysis, design, implementation and management,
  - Contingency planning, disaster recovery and business continuity management,
  - ICT infrastructure design and implementation,
  - Systems/infrastructures performance analysis and tuning.
* Conducting Payment Card Industry Data Security Standards (PCI DSS) audits for merchants and service providers as a Qualified Security Assessor (PCI QSA),
* Giving coaching services in "IT Management Strategies" and "IT Security" topics for the finance, telco and logistics sector service companies,
* Giving coaching services for the IT and payment card industry security audit readiness,
* Giving training related to:
  - Payment card industry standards and best practices (PCI DSS, PA DSS, PCI PTS),
  - Information security management,
  - ISO27001 & ISO22301,
  - Data centre management,
  - IT Audit preparation.
-
-
-
ISSA Turkey Chapter
-
Türkiye
-
Non-profit Organization Management
-
Board Member responsible for Academic Relations, CISO Club Director
-
May 2012 - Sep 2020
Istanbul, Turkey
Working as a Board Member who is responsible for Academic Relations and CISO Club for the Information Systems Security Association (ISSA)® Turkey Chapter. Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.
-
-
-
Cyberwise
-
Türkiye
-
Computer and Network Security
-
200 - 300 Employees
-
IT Security Consultant
-
Jun 2013 - Aug 2016
Istanbul, Turkey
- Auditor as a PCI DSS QSA,
- Performed consultancy services for the following areas:
  • Payment Card Industry Standards (PCI DSS, etc.) and payment card best practices implementation, orchestration and security,
  • Designing, implementing and managing information security management system,
  • Contingency Planning, Disaster Recovery and Business Continuity Management,
  • ISO27001 Standard implementation, preparedness for the certification and training,
  • BS25999/ISO22301 Standard implementation, preparedness for the certification and training,
  • Risk management system and strategies implementation,
- Performed Information Security Auditing for the service providers of the banks.
-
-
-
-
CISO, SVP Governance Risk and Compliance
-
Jun 2011 - Jan 2013
Istanbul, Turkey
The role covered the following topics:
- Developed and implemented policies, standards and guidelines related to corporate security policies,
- Led the implementation of risk assessment program,
- Developed and implemented company cyber security management policies and procedures,
- Contributed to the vulnerability assessments, threat hunting, anomaly detection processes with respect to international standards and corporate cyber security procedures to commensurate company business initiatives,
- Oversaw the continuous monitoring and protection of facilities, personnel and information systems,
- Established and monitored formal certification programs regarding enterprise security standards,
- Managed timely and appropriate review of material and repetitive compliance issues as indicators of possible gaps and weaknesses in policies and procedures or risk identification processes,
- Established compliance calendar that identifies all important dates by which regulatory and compliance matters must be completed,
- Coordinated and assisted external audits with the domestic and international regulatory bodies,
- Acted as a coordinator for the business continuity and disaster recovery programs and led the business continuity team of the company,
- Monitored national and international developments (standard setters, regulators, technology suppliers, etc.) related to the company’s strategic plan,
- Managed security control functions related to corporate information systems and data centers as a Chief Information Security Officer,
- Participated and represented company in the committees at domestic and international bodies and government regulation and supervision platforms.
-
-
CISO, Technical Services Director
-
Sep 2005 - May 2011
- Led and managed Technology Services department which handles all of the company’s IT related services including 24 by 7 operation of the nonstop on-line transaction processing National Switch Centre and the other mission critical services for the Turkish banking system.
- Through strategic expertise and team leadership, drove pro-active plans within the reliability, availability, security and data integrity principles, and set direction to operations for the continuous IT services to all member banks.
- Oversaw and followed up the related groups within deep expertise in performance analysis, tuning and capacity modeling concepts for the systems of mission critical environment.
- Determined ICT infrastructure needs, budgeting, positioning and timing within the context of projects for the company’s business objectives.
- Directed strategy and execution of all the technical issues and IT services of the company.
- Orchestrated and led the related teams to form Information Security Management System and to achieve an ISO27001 certificate for the company.
-
-
-
-
Head of Operations
-
Oct 1997 - Jul 2005
Istanbul, Turkey
• Led and managed Technology Services department which handles all of the company’s IT related services including 24 by 7 operation of the nonstop on-line transaction processing National Switch Centre and the other mission critical services for the Turkish banking system.
• Through strategic expertise and team leadership, drove pro-active plans within the reliability, availability, security and data integrity principles, and set direction to operations for the continuous IT services to all member banks.
• Oversaw and followed up the related groups within deep expertise in performance analysis, tuning and capacity modeling concepts for the systems of mission critical environment.
• Used strong communication and stress management skills to minimize the impact of any outages in mission critical environment and coordinate the related groups to carry out incident management plan.
• Determined ICT infrastructure needs, budgeting, positioning and timing within the context of projects for the company’s business objectives.
• Directed strategy and execution of all the technical issues and IT services of the company.
• Provided high level guidance and leadership on all manner of compliance issues, such as PCI DSS, to the related parties, for which the company is obliged to by the international card associations.
• Managed and implemented security issues including PIN security concept of the international card associations as a Security Supervisor.
• Led and coordinated related ICT groups to achieve successful results from the audits and reviews which were set by the international card associations and other regulatory bodies.
• Improved and updated business continuity and disaster recovery plans for mission critical services, according to the changes in ICT environment.
• Orchestrated and led the related teams to form Information Security Management System and to achieve an ISO27001 certificate for the company.
-
-
System Specialist
-
Mar 1992 - Sep 1997
Istanbul, Turkey
• Performed the key tasks for the operations and management of the nonstop on-line transaction processing switch system and other systems under responsibility area.
• Developed operation-specific macros for basic operator tasks to implement easy operations for the systems in mission critical environment.
• Used extensive system analyst expertise to orchestrate and support the implementation of monitoring online transaction processing environment.
• Developed and managed performance analysis, system tuning, capacity planning and modeling schemes within deep systems expertise.
• Planned and maintained the implementation and control of systems hardware and software upgrades and new installations.
• Determined the needs and expectations of the member banks from the National Switch System and provided high level guidance and coordinated the necessary action plans for those demands.
• Developed statistical, availability, performance and capacity reports about the outcomes of the National Switch System at regular time periods.
• Developed and implemented business continuity and disaster recovery plans for mission critical services of the company.
• Acted as a Security Supervisor for company for the PIN security issues, which were set and mandated by the international card associations.
• Performed and managed necessary PIN security operations using Thales/Racal HSMs for the member banks on behalf of the company due to rules and regulations which were set and mandated by the international card associations.
• Completed the Turkish Interbank Switch Centre Project.
-
-
-
-
System Support Specialist
-
Aug 1988 - Mar 1992
İstanbul, Turkey and Milton Keynes, UK
• Performed and managed site preparation including system room infrastructure for the customer sites of the company.
• Performed and managed hardware and software installation of UNISYS mainframe and mid-range systems and UNISYS front-end communication processors at customer sites.
• Worked as a member of the Lead Team for the UNISYS EMEA Support Data Centre setup in UK.
• Coordinated and managed the systems and front-end installations for the customer specific projects and orchestrated all the IT related parties till the end of the projects.
• Determined and planned software upgrades of the customer systems and managed the upgrades at customer sites.
• Developed and implemented necessary action plans for the customer software and site support.
• Gave formal trainings to the customers related to system management, administration and security concepts.
• Interviewed customers in order to improve the customer satisfaction and prepared audit and statistical reports related to customer reviews.
• Performed the key tasks for the operations and management of the company’s internal systems.
• Completed the “National Lottery Association Network”, “National Judicial Investigation Network”, “Turkish Navy Network” and “Turkish Customs Police Network” projects.
-
-
-
-
System Analyst & Programmer
-
Jun 1985 - Jul 1988
Ankara, Turkey
• Performed the key tasks for the operations and management of the company’s computer centre.
• Determined and planned software upgrades of the company’s computer systems.
• Developed and improved programs for payrolls, accounting and stock control for the company and parent companies.
• Restructured applications for the company’s services to the customers and internal usage.
• Collected and analyzed engineering data and prepared statistical reports for the General Management.
• Controlled, managed and organised data entry centre of the Company. Managed and improved batching and processing.
• Determined the needs of the centre and implemented necessary actions.
• Performed Help Desk support for the company’s customers.
-
-
-
Orta Doğu Teknik Üniversitesi / Middle East Technical University
-
Türkiye
-
Higher Education
-
700 & Above Employees
-
Student Advisor
-
Jun 1984 - Jul 1985
Ankara, Turkey
• Worked as a Student Advisor to guide students in solving problems related to their assignments and usage based problems during their appointment-based terminal work at the datacenter.
• Worked as an Assistant System Analyst and System Operator.
• Worked as an assistant lecturer for the recitation hours.
-
-