ISACA Authorized Training Provider for CISA, CISM, CGEIT, CRISC

Our Chapter was chartered as the 33rd chapter of the Information Systems Audit and Control Association® (ISACA®) on December 2nd, 1978. The South Florida chapter includes approximately 1,300 members in the South Florida region, which spans a large geographic territory, including The Keys & Key West, Miami, Fort Lauderdale, West Palm Beach, Boca Raton, Naples, Fort Myers, and Port St. Lucie.My membership in ISACA Global began as of March 1st, 2002, I took part in the foundation of ISACA Istanbul Chapter and foundation of ISACA Ankara Chapter as a Board Member and Founder President consecutively. I am a Platinum Member and joined ISACA Global Leaders Summits (GLS) & many international events. Currently I serve as the elected President (after 2 years of serving as a Membership Director) in ISACA South Florida Chapter as of 05/12/2022, and will be continuing to serve happily for ISACA with professional pride, and the principle of each ONE teach ONE... As ISACA, we are ONE!https://engage.isaca.org/southfloridachapter/home

Established strategies, program and implemented them for compliance for the foundation, implementation &/or maturing the processes, internal/independent audit readiness & certification for the ISO 27XXX Information Security Management Standards of Roche Products (uPath, Avenio Connect, NMP Navify Mutation Profiler, etc.) in a) ISMS (ISO 27001), b) Cloud Security Controls (ISO 27017), c) Public Cloud Privacy Management System (ISO 27018), d) PIMS - Privacy Information Management System (ISO 27701) & other standards/frameworks such as e) GDPR & California Consumer Privacy Act (CCPA) & relevant parts of COBIT Controls Framework, CCM (Cloud Controls Matrix) Cloud Security Alliance CSA, NIST CSF Cybersecurity Framework, all integrated under ISO 13485. Performing Risk assessments, leading & facilitating RCSA and consolidate & follow-up of action plans with ISMS Asset Owners "Commercial, Cybersecurity, Development, DevOps & ProdOps, HR, Legal, Supplier Management (including Third Party & Vendors), Technical Project Management, Validation & Verification and ISMS Management" through the Cloud Trust Framework (CTF) & Privacy Information Management Sytem (PIMS) using SecTool (Customized GRC Tool) & JIRA.The SME work contract was extended twice for the certification of two more diagnosis products / services / processes in addition to uPath and project achieved success with ISO 27001 Certifications of uPath, Avenio Connect, NMP Navify Mutation Profiler, with independent audit, ending by July 2023.

Head Auditor in Charge - Head of IS / IT Risk Management Services reporting to the Board of Capital Markets (SPK) and Presidency of Revenue Management (GIB). IT Audit Performance and Reporting, Risk Management Consulting, Project Management for IT Improvement and Implementation of Standards for clients. Engagement and Audit Proposal, Managing Audit Teams, Report and Engagement Quality Partnership and Consultancy, Training, and representing the company and its services in professional organizations locally, or in international affairs, like ventures and/or consultancy programs.Global reach within GGI - Geneva Group International for Information Systems Audit, Information Security, IT Risk Management, GDPR, IT Governance and IT Process Management Services, ISMS. Moreover, training and implementation of COBIT, ISO 27001, ISO 20000, etc. frameworks and exam preparation training for CISA, CISM, CRISC, CGEIT designations. Oversight and Board Advisory role for the IT Audit, IT Risk and Control Services operations.

Took part in Agile Audit Pilot Project, for SDLC audit. Supported Issue Validation efforts. The JD is mentioned as: Directing and supervising the planning, fieldwork, reporting, and findings follow-up through the successful timely execution of audits included in the internal audit plan. Build and use RACM for TOD/TOE methodology and perform Issue Validation. Use of audit / documentation / evidence recording / communication / follow-up etc. related automated tools and techniques within the audit process. Provide strategic and proactive consultation in a) identifying risks to the achievement of management objectives, b) determining effective and efficient risk mitigation, c) maintaining key business relationships, and d) identifying themes, trends, and emerging risks for escalation. In addition, supporting and providing for the development and training of Senior and Staff Auditors.

Information & Cyber Security Risk Assessment of Vendors & Third Party Service providers. Formal &/or periodical reporting of the assessment results, risks, improvements & changes to TDA Business Units. Information & Cyber Security Risk Assessment of Vendors & Third Party Service Providers for TDAmeritrade, using work papers based on NIST, SOX, SOC, ITGC, PCI, ISO 27001 requirements & SIG Framework (in 14 domains). Review of SOC Reports, PCI, ISO, Privacy & other audit reports, Test Results, ISMS documents, policies & standards, control environment & interviews with third parties. Formal &/or periodical reporting of the 3PRM assessment issues, results, risks, improvement opportunities to TDA Business Units. Supported processes until the completion of TDA-Schwab SRM merger. •Conduct third party risk assessments aligned with ISO 27001:2013, ISO 22301 and NIST 800-53 Rev 4 standards.•Perform in-depth information security related assessments of new & existing vendors leveraging SIG based questionnaires & evidence.•Review completed SIG questionnaires based on vendor inherent risk.•Perform & complete new & existing assessments on vendors & third parties. •Leveraging Client vendor assessment methodology that includes questionnaires, evidence requirements, & interviews with vendors & internal stakeholders to appropriately assess controls as: security risk managementprivacy & security policies & governance organizational securityasset managementphysical & environmental securitycommunications & security operations management access controls of systems & applications, cryptography & encryption controls, information systems acquisition development & maintenanceoperations security third party relationship managementvulnerability & threat managementincident event & communications managementbusiness continuity & disaster recovery compliance with regulatory & industry standardscloud controls relating to infrastructure, platform, & SaaS•Document & report risks.

DISYS – Digital Intelligence Systems – Consultant Contractor in CARRIER Corporation Global HQ - Palm Beach Gardens, FL – Role: IT/DT Security & GRC Policies Lead, CISO Office – As UTC (United Technologies) parent company, Carrier & Otis firms are separated for spinoff with standalone strategy; I helped Carrier Digital Technology Management levels in reviewing GRC Program & Information Security Policies, build GRC (Governance, Risk and Compliance) Policies Life Cycle & Cadence, map current policies & control standards with ISO 27001 and make gap analysis of the Control Framework in relation to DFARS, SOX, PCI, HIPAA, ISO 9001, 20000, 27001 & COBIT before the separation. In addition, I helped in forming the requirements for GRC Policies Management function in adapting S-NOW (Service Now) Platform & implement GRC Policies Life Cycle in the tool.

-OPTIV -CRISC Training 2024-ISACA South Florida Chapter, ISO27001 Training - Global 2022-CISM Training ISACA Belgrade Chapter-INNOVA (ITC) Quality & InfoSec. Dept: CISA Training & Exam Prep -ASELSAN IT Risk & Compliance Department: CISA Training Exam Prep -TEB Kosova HQ-Information Security Management Training, Audit&Assessment-YURTKUR-Credit&Hostels Institution-Service Quality Standards & IT Assessment (EU Project)-SUNAR Group (Corn, Agriculture&Oil)–Consultancy&Training-ISO27001 ISMS Certification of 4 different companies, for EU Customs Requirements (YYS)-AGT Advanced Tech. Wood Industry–COBIT4.1&COBIT5 Training&Workshop -BOTAS–Petroleum Pipeline Corporation–ISMS ISO27001 Impl. Training&Certification -PTT–Turkish Postal Services–COBIT4.1 Process Risk/Maturity Assessment&Framework Training-CobiT Impl.-TURKAK–Turkish Accreditation Agency–ISMS ISO27001 Impl.&Internal Audit Training-Felda Iffco–Edible Oil & Margarine Manufacturing-Information Security&ISO27001 Training-Kartonsan Cardboard Manufacturing–Information Security&ISO27001 Implementation Training-Insurance Association of Turkey–COBIT 4.1 Training&COBIT 5 Comparison-ERICSSON Mobile–ITIL Information Technology Infrastructure Library (&CobiT benchmark) Training-Figensoft Mobile Tech–InfoSec & ISO27001 Training-METU-IT Department–Full COBIT 5 Training-TEPE Service & Management Company– ISO27001 Impl., Audit & Training/Certification-TUBITAK– Cyber Security Institute (SGE) ISO27001, ISO31000, Audit&CobiT-GRC Training.-ATEL Technology&Defense Industry–ISO27001 Training, Consultancy & Imp., -Bottle & Glass Group (SISECAM GROUP) ISO27001 Information Security Governance & Certification Program– ISMS & Awareness Training, Gap Analysis, Internal Audit & Assessment, Consultancy & ISMS Impl. (16 Plants- AnadoluCam, TrakyaCam, Sise-Cam, Otocam, Soda, Kromsan, Pasabahce) for EU Compliance in Customs (YYS).-Ugur Cooling Inc.– ISO31000 Risk Management Impl. Training & Audit Consultancy

Senior Business Partner and member of the team of auditors and consultants.

After becoming a founding member of ISACA Istanbul in 2009, founded ISACA Ankara in 2011. Training & Consultancy - Implementation & Audit - CobiT 4.1 & CobiT 5, ISO 27001, ITIL, ISO 31000, ISO 22301, ISO 38500, ISO 20000 - IT Governance, IT Audit, Internal Audit, Information Security, IT Risk Management, Business Continuity, Service Management & Operations, etc.

(EVAM is a Continuous Intelligence platform & service for big data analytics) Detailed Assessment of IT development, product & customer service (in Banking, Manufacturing, Retail & Loyalty, Transportation & Telco) processes with the perspective of risk, information security, governance, privacy, compliance & control maturity. Reported the findings and recommendations to the CEO & CTO. Used COBIT framework & ISO 27001 Information Security Management Standard as IT General Controls Framework.

Delivered TBF 415 IT PROJECT MANAGEMENT CLASS for MIS Department Students.

-Auditing, assessment and executive level reporting of projects, operations and major processes of HAVELSAN and HAVELSAN’s corporate clients.-TCDD – Turkish State Railways Company Assessment and Business Development Reporting for potential IT projects for HAVELSAN’s further involvement. -Assessed and audited HAVELSAN’s ASOS – Military Health Automation System Project and its operational processes, and provided training to the ASOS employees in process management and service delivery. The duty was performed on GATA (Military Hospital) Site. Full COBIT Methodology is used for Assessment and/or Reporting. Actions are taken for improvement and new business opportunities.

Internal Audit & GRC (Governance, Risk & Control) professional including IT related matters. Overall Process Analysis & Improvement. Coordination of and/or collaboration with cross-functional projects relevant to process flows and controls. Follow-up of External Audit Findings and Risk Mitigation. Member of the Corporate Information Security Forum. Audited, coordinated and helped the improvement of the following departments, functions and/or processes such as: Logistics, Production Planning, Supply Chain, Material (MRK) and Supplier Quality (SQE), Marketing and Brand Communications Management, Information Systems, Import and Export, Information Security, CRM, SAP - ERP Integration, Positive BOM, Order Acceptance and Processing - Memorandum, etc.

Projects managed & completed with success (from the most recent):1) ROKETSAN Missiles & Defense Inc-Information Security Governance Project Manager (Sep2010–Apr.2011): Project for Assessment & Delivery of an action plan for the foundation of Information Security Governance based on ISO270012) TURKISH EXIMBANK - CobiT Implementation & Training Project Manager (Sep2009-Jun2011): Compliance & transition project for Eximbank IT Department for meeting the requirements of BRSA (BDDK) in IT Governance, CobiT & Security Audits (financed by IBRD-World Bank).3) ECORYS Research & Consulting - ISKUR (Turkish Labor Association) STE for Active Employment Project (EU Project) (Feb2010–May2010): Hired by Ecorys to "audit & assess" Turkish Employment Agency (ISKUR) Mainstream Software & Web Application (www.iskur.gov.tr) for Recruitment, Job Matching, Unemployment Benefit Payment & Training Services provided by ISKUR.4) PTT - TURKISH POSTAL SERVICES - Strategic Planning Project Manager (Aug2008-Aug2009): • Enabled delivery of the Strategic Plan for Banking, Logistics & Postal Services for 2010-2020 (presented to PTT BOD)• Enabled the Board of PTT to take investment decisions in Sales and Marketing, Banking and Logistics; Technology for Operational Efficiency to achieve Organizational Change & Transformation.• Established a vision for government owned PTT to adapt a strategy to function as a competitive & global player market, including assumptions for privatization.5) TURKISH MINISTRY of FINANCE - Project Manager in Internal Control & IT Governance (Nov2007–Aug2008):• IT Assessment & gap analysis for the Strategy Development Directorate in Min. of Finance (CobiT Processes)• ISO27001 based (ISMS) Information Security Management System implementation & process formation• Central Project Office & Project Management Process Set-up (PMBOK compliant)• QMS Foundation & internal compliance in ISO 9001• Turnkey delivery of SW solutions for the above processes

18.000+ Employees; 800+ Branch Offices; 2000+ ATMs, 200.000+ POSs, 550 IT Employees, Private Sector Techological Banking Leader• IT Risk Manager: Operational / Security / Program - Project / Infrastructure / Business Risks Management (2002-2007) • Manager of the WebTrust (CA) Internet Security Certification Project which ended up with success in all 5 AICPA criteria (for the first time in the world) for www.teleweb.com (internet banking portal for YKB)• IT Audit Project Director for Audits performed in YKB Nederland for 3 years in a row (2003-2006)to meet compliance requirements imposed by DNB (Dutch Central Bank) with success• IT Audit Department Founder / CobiT Implementation Project Manager (2000-2001)• Y2K Central Project Office - Communications Manager & Head of Y2K Transition Risk Committee (1998-2000)• YKB BPR, Reorganization & Change Program (12 large, around 70 mid size Projects) – Program Financial Manager, Projects Auditor & Controller (1995-1998)• Internal Auditor - Internal Audit Department (1991-1995)

TCZB - T.C. Ziraat Bank Head Office–Ankara/TURKEY (45.000+ Employees; 1.400+ Branch Offices; Leading Public Bank specialized in Agriculture)• Securities, Bonds & Trust Shares Department – Specialist in Securities • Ziraat Banking School – 1 Year MT Program Attendant