As the IT GRC Team Leader, I am responsible for overseeing IT risk management, ensuring compliance with regulations, ISO 27001, and NIST standards, while maintaining the Information Security Management System (ISMS). I coordinate internal and external audits within the IT department, acting as the primary liaison for audit activities and ensuring that findings are addressed. I drive the development and improvement of IT processes and procedures, ensuring they align with business objectives and best practices. Additionally, I manage the quality of IT services by implementing robust frameworks and conducting regular process reviews. My role involves close collaboration with cross-functional teams to mitigate risks, enforce security standards, and ensure consistent compliance with ISO 27001, NIST, and other relevant frameworks. I leverage my knowledge of IT governance, risk management, and compliance to protect organizational assets, ensure continuous improvement, and maintain operational integrity.

As an information security senior specialist at Koç University, my main task is to ensure information security compliance in the IT department. My primary responsibilities are compliance with the Presidency Information and Communications Guide and ISO 27001 standards. I also design Minimum Security Standards, Business Continuity processes, ISMS processes, and IT Risk Processes, ensuring compliance with these processes. Additionally, I utilize Jira for project management and tracking progress. I plan and manage projects for digitizing information security processes and compliance controls within IT and automating compliance processes, incorporating IT governance, risk management, and business continuity principles.

As an Information Security Senior Specialist at Türk Eximbank, I had various responsibilities, including information security, business continuity management, compliance with regulations and laws related to information systems, coordination of IT units, and representation of the audit on the IT side for internal and external audit activities carried out within the scope of IT COBIT, ISO 27001, and Banking Information Systems Regulations. I also conducted business continuity tests and documentation. Moreover, I actively participated in information security awareness activities such as training, surveys, and cyber security bulletins throughout the bank. Furthermore, I implemented IT risk management processes following ISO 27001, COBIT, and Banking Information Systems Regulations. During my tenure, I gained hands-on experience in utilizing Jira for project management and task tracking.

I proactively took a 6-month hiatus from my professional career to dedicate myself to furthering my academic pursuits. I have consistently engaged in academic projects to advance knowledge within my field. Notably, during my 6-month hiatus from professional work, I prioritized completing writing processes for several publications stemming from my academic career. The projects I have been worked so far can be listed as: 1. ADAX (Attack Detection And Countermeasures Simulation) Project –ITEA3 – wins EUREKA Innovation Award 2017-(2013-2016)2. NETTSI Company " Deep Packet Inspection and Application Identification " 2021-2022.3. KRON A.S., "Cloud Based Privileged Access System ", Research Project, 2018-2020.4. TUBITAK 1003, "Cloud Based Privileged Access System ", PI, Research Grant, 2017-2021.5. Bogazici University Research Fund Grant " Deep Packet Inspection " 2021-2022.

My responsibilities include checking the technical specifications of purchases and following purchase operations, organizing the progress of technical units , ensuring relationship of technical units with each other.

Telecommunication senior specialist in ADSL network backplane and troubleshooting:2002-2004Security Senior Specialist in Turk Telekom security department: 2006-2008Managing and configuration of Commercial Firewalls, Antivirus Gateways and Content Filtering servers.I also participated in ISO 27001 process.