Insider One21.04.2026

Senior Information Security Engineer (Remote)

Full-TimeIstanbul

Обязанности

  • 01Drive the implementation, maintenance, and continuous improvement of the ISO 27001 Information Security Management System (ISMS), including control maturity tracking and audit readiness
  • 02Support SOC 2 Type II compliance efforts, including control implementation, evidence collection, and audit coordination
  • 03Conduct and document internal audits, manage findings, and follow up on remediation plans across teams
  • 04Own and evolve the company-wide risk management program, including risk register, scoring methodology, risk acceptance, and exception processes
  • 05Provide governance and security oversight for AWS environments, including cloud security posture, access controls, and configuration baselines
  • 06Collaborate with Red Team and Blue Team to track, prioritize, and close technical security findings
  • 07Maintain, update, and enforce security policies, standards, and procedures across the organization
  • 08Design and execute security awareness and training programs tailored to different roles (engineering, ops, business)
  • 09Lead third-party/vendor security assessments, including risk evaluation, tiering, and continuous monitoring
  • 10Support and coordinate security incident handling, reporting, and post-incident review processes
  • 11Contribute to data protection and privacy governance (KVKK, GDPR), including DPIA processes and data lifecycle management
  • 12Drive AI / LLM governance practices, including secure usage policies, data exposure controls, and risk assessments for AI tools
  • 13Act as a security consultant to business units and engineering teams, supporting secure architecture, design reviews, and risk-based decision making
  • 14Contribute to security architecture and design review processes, including threat modeling and secure design guidance
  • 15Coordinate and enhance business continuity and disaster recovery (BCP/DR) processes, including testing, documentation, and continuous improvement

Требования

  • 01Strong knowledge of ISO 27001, ISMS processes, internal audits, and control frameworks
  • 02Hands-on experience with risk management practices, including risk identification, scoring, and mitigation tracking
  • 03Experience in Business Continuity Management (BCM) and disaster recovery planning
  • 04Solid understanding of AWS services and cloud security governance, including IAM, logging, and baseline hardening
  • 05Familiarity with SOC 2 Type II framework and control domains
  • 06Understanding of data security concepts, including data classification, data inventory, and data protection mechanisms
  • 07Experience with vendor security and third-party risk management processes
  • 08Knowledge of privacy regulations such as KVKK and GDPR, including practical implementation
  • 09Familiarity with AI/LLM risks and governance concepts is a strong plus
  • 10Strong documentation and reporting skills for audits, compliance, and executive visibility
  • 11Experience in responding to customer security questionnaires and audits
  • 12Strong analytical thinking and ability to assess both technical and business risks
  • 13Ability to take ownership of security domains and drive initiatives end-to-end
  • 14Excellent written and verbal communication skills in English
  • 15Strong collaboration skills with both technical (engineering, DevOps) and non-technical teams
  • 16Ability to understand and communicate the business impact of security decisions
  • 17Capable of evaluating the security posture across cloud, application, endpoint, and data layers