Insider One21.04.2026
Senior Information Security Engineer (Remote)
Full-TimeIstanbul
Обязанности
- 01Drive the implementation, maintenance, and continuous improvement of the ISO 27001 Information Security Management System (ISMS), including control maturity tracking and audit readiness
- 02Support SOC 2 Type II compliance efforts, including control implementation, evidence collection, and audit coordination
- 03Conduct and document internal audits, manage findings, and follow up on remediation plans across teams
- 04Own and evolve the company-wide risk management program, including risk register, scoring methodology, risk acceptance, and exception processes
- 05Provide governance and security oversight for AWS environments, including cloud security posture, access controls, and configuration baselines
- 06Collaborate with Red Team and Blue Team to track, prioritize, and close technical security findings
- 07Maintain, update, and enforce security policies, standards, and procedures across the organization
- 08Design and execute security awareness and training programs tailored to different roles (engineering, ops, business)
- 09Lead third-party/vendor security assessments, including risk evaluation, tiering, and continuous monitoring
- 10Support and coordinate security incident handling, reporting, and post-incident review processes
- 11Contribute to data protection and privacy governance (KVKK, GDPR), including DPIA processes and data lifecycle management
- 12Drive AI / LLM governance practices, including secure usage policies, data exposure controls, and risk assessments for AI tools
- 13Act as a security consultant to business units and engineering teams, supporting secure architecture, design reviews, and risk-based decision making
- 14Contribute to security architecture and design review processes, including threat modeling and secure design guidance
- 15Coordinate and enhance business continuity and disaster recovery (BCP/DR) processes, including testing, documentation, and continuous improvement
Требования
- 01Strong knowledge of ISO 27001, ISMS processes, internal audits, and control frameworks
- 02Hands-on experience with risk management practices, including risk identification, scoring, and mitigation tracking
- 03Experience in Business Continuity Management (BCM) and disaster recovery planning
- 04Solid understanding of AWS services and cloud security governance, including IAM, logging, and baseline hardening
- 05Familiarity with SOC 2 Type II framework and control domains
- 06Understanding of data security concepts, including data classification, data inventory, and data protection mechanisms
- 07Experience with vendor security and third-party risk management processes
- 08Knowledge of privacy regulations such as KVKK and GDPR, including practical implementation
- 09Familiarity with AI/LLM risks and governance concepts is a strong plus
- 10Strong documentation and reporting skills for audits, compliance, and executive visibility
- 11Experience in responding to customer security questionnaires and audits
- 12Strong analytical thinking and ability to assess both technical and business risks
- 13Ability to take ownership of security domains and drive initiatives end-to-end
- 14Excellent written and verbal communication skills in English
- 15Strong collaboration skills with both technical (engineering, DevOps) and non-technical teams
- 16Ability to understand and communicate the business impact of security decisions
- 17Capable of evaluating the security posture across cloud, application, endpoint, and data layers