Technology Risk Specialist

As KKB, we have been the symbol of sustainable trust in financial life for more than 25 years. With the support of our competent human resources and innovative vision in the field of financial technologies, we develop products and services that are recognized as reference points. We are proud of our dynamic and experienced human resources, which have contributed to our successes for a quarter of a century, and we are looking forward to welcoming new colleagues who will strengthen our synergy.

Would you like to be the newest member / a member of this qualified team that develops its business goals on a global scale in order to be an exemplary credit bureau to the world?

What we offer:

• We offer alternative working hours / that respond to today's needs and provide flexibility in managing your time,

• We care about you. For this reason, we are happy to provide you with a comfortable workspace as well as opportunities where you can improve yourself by acquiring new knowledge,

• We contribute to your career journey by providing unlimited training rights on platforms such as LinkedIn Learning, Pluralsight, covering the purchase of technical certificates and supporting your education in programs such as master's and doctoral programs,

• We know that learning and education continue for a lifetime and we bring together technical, professional and personal development training programs and development opportunities that we think can support you on your career path,

• With our social clubs, we support you to discover new hobbies and create a synergy with your teammates in a social environment,

• As an organization, we attach importance to employee volunteerism. All our employees can participate in social responsibility projects with non-governmental organizations under the umbrella of the KKB Volunteers Platform and we make a big difference with small acts of kindness,

• We care about your health; we offer you and your loved ones (spouse/children) a comprehensive health insurance package and title-independent life insurance coverage,

• We create a Corporate Contribution Private Pension plan for your future dreams,

• Considering their past seniority, we base our annual leave policy on their total seniority,

• Birthday leave and more awaits you

For more information about us, please visit the link:

What we look for:

• Develop appropriate risk remediation and improvement suggestions, guiding responsible stakeholders in implementing necessary controls and measures,
• Assess strategic, operational, and compliance risks related to information technologies within the organization and develop action plans to mitigate identified risks,
• Evaluate and monitor risk mitigation strategies to ensure they achieve stated goals and objectives,
• Produce reports documenting issues, including gaps, weaknesses, and related risk concerns, presenting identified risks and improvement areas to senior management,
• Contribute to enhancing Risk Management processes, materials, and our GRC tool, actively engaging in Risk Management initiatives,
• Identify and monitor key performance indicators and periodic targets regarding enterprise risk management,
• Maintain and update the enterprise information asset inventory in parallel with asset-based risk management activities and based on the requirements of Cybersecurity Directorate's publications,
• Participate in identity and access management activities (periodic review of the user accounts, access rights, roles and profiles (1st line control) of the IT assets and endpoints (server, database, application etc.), restructure and review the access rights, roles and profiles on the IDM tool based on business needs, responsibilities and job descriptions, review SoD matrix,
• Play a key role on periodic external audits of ISO 27001, ISO 20000, ISO14001, ISO27017, ISO 27701 framework managements system certifications and ensure necessary actions are taken to maintain ISO certifications and contribute to their implementation,
• Within the scope and requirements of ISO 27K standards, provide questionnaires / tests for raising and monitoring the awareness regarding information security, data privacy, cloud security etc.
• Minimum 2 years' experience in one or more of the following areas: Risk Management, Information Technologies, Compliance, Governance, Data Privacy / Protection, Information Security,
• Understanding on (or will to learn about) risk management lifecycle (including risk identification, analysis, and assessment methodologies),
• Knowledge of international frameworks (such as ISO 31000, COSO ERM etc.) and standards (including ISO 27001, COBIT, ITIL, PCI-DSS),
• Knowledgeable about BRSA's (BDDK) regulations on Information Systems, Cybersecurity Directorate's Information and Communication Security Guide,
• Has general knowledge on IT infrastructures, SDLC processes, change management, audit log management, network devices and data lifecycle management,
• Possess the fundamental understanding of Identity and Access Management policies and tools
• Fundamental understanding of Cloud technologies,
• Follow global technological trends and latest developments in information systems,
• Strong written and verbal communication, reporting, and presentation skills,
• Excellent planning, prioritization, coordination, analytical thinking, problem-solving skills, and ability to communicate effectively at all levels of the organization,
• Proactive, research-oriented, open to learning, and focused on continuous improvement,
• Certifications such as CISM, CISA, CRISC or ISO 27001 LA are highly valued (but not mandatory).

6698 sayılı Kişisel Verilerin Korunması Kanunu kapsamında kişisel verilerinizin işlenmesinden doğan haklarınıza ve bu konudaki detaylı bilgiye

adresinde yer alan aydınlatma metnimizden ulaşabilirsiniz.