Cenk Ornek

Work History

Aug 2008 - Present

IT Security Manager

Akbank - Citigroup affiliate

Employer: Akbank (Citigroup affiliate) - Turkey (Total nb. of staff: 13.000 in 860 branches. There are 5 employees reporting to me)

RESPONSIBILITIES

  • Member of IT Security committee
  • Prepare and review IT Security policies.
  • Prepare IT security programme/framework, IT Security budget
  • Manage a department that runs devices such as Firewalls (Checkpoint and Cisco ASA), IPS/ISS (Intrusion Prevention System), ADS (Anomaly Detection System), VPN, Windows Active Directory, Unix, IBM LDAP, Anti-Spam, Antivirus - Symantec, Viruswall, RACF for z/OS.
  • Design Network architecture (Firewall, IPS, VPN architecture)
  • Attend project meetings for IT security requirements
  • Follow, mitigate IT risks on Windows, Unix and host environment.
  • Lead Computer Incident Response Team and resolve issues proactively.

Nov 2006 - Jul 2008

IT AUDIT MANAGER IN INTERNAL AUDIT DEPARTMENT

AHLI UNITED BANK

Employer: Al Ahli United Group - Bahrain (Group has banks in Bahrain, Qatar, Kuwait, Egypt, Oman. Total nb. of staff: 5.000. I conduct reviews for group banks onsite and offsite)

RESPONSIBILITIES

  • Prepare annual risk based audit plan using COBIT framework.
  • Conduct IT audit (system and/or process review) on following areas: IT Strategy and Governance, IT Security Management, Network Security (Architecture, Wireless), SDLC, Business Continuity Plan - Disaster Recovery, Production Control, Environmental and Physical Control
  • Determine security requirements and baselines, evaluate IT risks for group projects such as: Internet banking, Islamic Banking, Basel II
  • Conduct 27001 gap analysis for entities and affiliates
  • “Visa Self Audit” Auditor

Sep 2005 - Oct 2006

IT AUDIT MANAGER IN INTERNAL AUDIT DEP

T.C. ZIRAAT BANKASI

Employer: T.C. ZIRAAT BANKASI - Ankara / TURKEY (Ziraat, which has an international presence, is one of the largest banks of Turkey in terms of asset size. Total nb. of staff is 22.000 in 1.270 branches. 10 staff reported to me under the following two branches.)

INFORMATION TECHNOLOGY AUDIT SECTION (6 employees)

  • Prepare IT risk reports for the following systems; Windows, Exchange, Unix-family, Checkpoint, IPS, Distributed Databases
  • Follow and maintain IT risks: Build IT risk database with Operational risk department. Add IT report findings to the risk database.
  • Penetration Test for critical servers: Monthly penetration tests against critical servers from the Internet and the company
  • Lead annual external IT Audit reviews: Participate and lead IT audit that is performed by Deloitte & Touche.
  • Review modules of banking application
  • Build and maintain website for internal auditors. Distribute CAAT (Computer Aided Audit Techniques) reports to 300 internal auditors via website.
  • Participate in the preparation and review of IT Security Policy

COMPUTER AIDED FINANCIAL AUDIT SECTION (4 Employees)

  • CAAT (Computer Aided Audit Techniques) with ACL and Business Objects. Write scripts and build report schedules with ACL. Prepare reports and distribute to internal auditors for onsite review. Build 26 scenarios.

Apr 1998 - Aug 2005

SENIOR IT SECURITY AUDITOR IN TECHNOLOGY SECURITY DEP

CUKUROVA GROUP - YAPI KREDI BANK and PAMUKBANK

Employer: CUKUROVA HOLDING - YAPI KREDI BANK and PAMUKBANK - Istanbul/TURKEY (Total nb. of employees: 14.000 in 570 branches)

IT SECURITY RESPONSIBILITY

  • Annually prepare ISO 17799 Gap analysis report for the group.
  • Annually conduct system security audit for the following systems: Windows Domain Controllers, Unix-family, Oracle, AS/400, Mainframe-z/OS, Checkpoint – FW1, ISS RealSecure, Distributed Databases
  • Build IT risk database. Add IT audit reports’ findings to the risk database. Follow and maintain the database. Prepare presentation about IT risks.
  • Review security architecture; define, determine and evaluate existing and new security products; follow Gartner reports.
  • Annually review general security policy, security policies and procedures.
  • Penetration Test for servers with Languard, Retina, MBSA, CGI script attacks, Stealth, Nessus …
  • Monitor system and security logs and take action or call “Incident Response Team” when there is an intrusion
  • Lead Computer Security Incident Response Team.
  • Annually prepare on-site IT Audit report for YKB-Nederland.
  • Visa and Mastercard self auditor
  • Participated in external IT audit reviews

PROJECT MANAGEMENT RESPONSIBILITY

  • Determined security requirements and baselines, evaluate IT risks for home-written application projects including: Internet banking, Telephone banking, Credit card applications
  • Participated in and evaluated IT risks for the following IT security projects: Data classification, Identity-user management, Single-sign-on, Security log data warehouse, Web filtering, content filtering, Websense

Education

MSc Computer Science

Hertfordshire University -

Modules included: Computation, Introduction to Computing Environments, Programming and Program Design, Systems Modelling, Open Systems and Networks, Databases

Thesis Topic: “Intrusion Detection Systems with Data Mining Methods”

Certifications

Jan 2009 - Present

CISM - Certified Information Security Manager

ISACA
Jan 2004 - Dec 2008

CISA - Certified Information Systems Auditor

ISACA
Jan 2003 - Dec 2008

CISSP - Certified Information Systems Security Professional

ISC2