
Work experience

Aug 2008 - Present

IT Security Manager

Akbank - Citigroup affiliate

Employer: Akbank (Citigroup affiliate) - Turkey (Total nb. of staff: 13.000 in 860 branches. There are 5 employees reporting to me)

RESPONSIBILITIES

  • Member of IT Security committee
  • Prepare and review IT Security policies.
  • Prepare IT security programme/framework, IT Security budget
  • Manage a department that runs devices such as Firewalls (Checkpoint and Cisco ASA), IPS/ISS (Intrusion Prevention System), ADS (Anomaly Detection System), VPN, Windows Active Directory, Unix, IBM LDAP, Anti-Spam, Antivirus - Symantec, Viruswall, RACF for z/OS.
  • Design Network architecture (Firewall, IPS, VPN architecture)
  • Attend project meetings for IT security requirements
  • Follow, mitigate IT risks on Windows, Unix and host environment.
  • Lead Computer Incident Response Team and resolve issues proactively.
Nov 2006 - Jul 2008

IT AUDIT MANAGER IN INTERNAL AUDIT DEPARTMENT

AHLI UNITED BANK

Employer: Al Ahli United Group - Bahrain (Group has banks in Bahrain, Qatar, Kuwait, Egypt, Oman. Total nb. of staff: 5.000. I conduct reviews for group banks onsite and offsite)

RESPONSIBILITIES

  • Prepare annual risk based audit plan using COBIT framework.
  • Conduct IT audit (system and/or process review) on following areas: IT Strategy and Governance, IT Security Management, Network Security (Architecture, Wireless), SDLC, Business Continuity Plan - Disaster Recovery, Production Control, Environmental and Physical Control
  • Determine security requirements and baselines, evaluate IT risks for group projects such as: Internet banking, Islamic Banking, Basel II
  • Conduct 27001 gap analysis for entities and affiliates
  • “Visa Self Audit” Auditor
Sep 2005 - Oct 2006

IT AUDIT MANAGER IN INTERNAL AUDIT DEP

T.C. ZIRAAT BANKASI

Employer: T.C. ZIRAAT BANKASI - Ankara / TURKEY (Ziraat, which has an international presence, is one of the largest banks of Turkey in terms of asset size. Total nb. of staff is 22.000 in 1.270 branches. 10 staff reported to me under the following two branches.)

INFORMATION TECHNOLOGY AUDIT SECTION (6 employees)

  • Prepare IT risk reports for the following systems; Windows, Exchange, Unix-family, Checkpoint, IPS, Distributed Databases
  • Follow and maintain IT risks: Build IT risk database with Operational risk department. Add IT report findings to the risk database.
  • Penetration Test for critical servers: Monthly penetration testing of critical servers from the Internet and from within the company
  • Lead annual external IT Audit reviews: Participate and lead IT audit that is performed by Deloitte & Touche.
  • Review modules of banking application
  • Build and maintain website for internal auditors. Distribute CAAT (Computer Aided Audit Techniques) reports to 300 internal auditors via website.
  • Participate in the preparation and review of the IT Security Policy

COMPUTER AIDED FINANCIAL AUDIT SECTION (4 Employees)

  • CAAT (Computer Aided Audit Techniques) with ACL and Business Objects. Write scripts and build report schedules with ACL. Prepare reports and distribute to internal auditors for onsite review. Build 26 scenarios.
Apr 1998 - Aug 2005

SENIOR IT SECURITY AUDITOR IN TECHNOLOGY SECURITY DEP

CUKUROVA GROUP - YAPI KREDI BANK and PAMUKBANK

Employer: CUKUROVA HOLDING - YAPI KREDI BANK and PAMUKBANK - Istanbul/TURKEY (Total nb. of employees: 14.000 in 570 branches)

IT SECURITY RESPONSIBILITY

  • Annually prepare ISO 17799 Gap analysis report for the group.
  • Annually conduct system security audit for the following systems: Windows Domain Controllers, Unix-family, Oracle, AS/400, Mainframe-z/OS, Checkpoint – FW1, ISS RealSecure, Distributed Databases
  • Build IT risk database. Add IT audit reports’ findings to the risk database. Follow and maintain the database. Prepare presentation about IT risks.
  • Review security architecture, define, determine, evaluate existing and new security products, follow Gartner reports
  • Annually review general security policy, security policies and procedures
  • Penetration Test for servers with Languard, Retina, MBSA, CGI script attacks, Stealth, Nessus …
  • Monitor system and security logs and take action or call “Incident Response Team” when there is an intrusion
  • Lead Computer Security Incident Response Team.
  • Annually prepare on-site IT Audit report for YKB-Nederland.
  • Visa and Mastercard self auditor
  • Participated in external IT audit reviews

PROJECT MANAGEMENT RESPONSIBILITY

  • Determined security requirements and baselines, evaluate IT risks for home-written application projects including: Internet banking, Telephone banking, Credit card applications
  • Participated and evaluated IT risks for following IT security projects: Data classification, Identity-user management, Single-sign-on, Security log data warehouse, Web filtering, content filtering, Websense

Education

MSc Computer Science

Hertfordshire University -

Modules included: Computation, Introduction to Computing Environments, Programming and Program Design, Systems Modelling, Open Systems and Networks, Databases

Thesis Topic: “Intrusion Detection Systems with Data Mining Methods”

Certifications

Jan 2009 - Present

CISM - Certified Information Security Manager

ISACA
Jan 2004 - Dec 2008

CISA - Certified Information Systems Auditor

ISACA
Jan 2003 - Dec 2008

CISSP - Certified Information Systems Security Professional

ISC2

Portfolio

Objective

To have a position in IT Management where I can utilize my contacts, experience and skill set to contribute to the company's overall objectives and goals.

AREAS OF EXPERTISE

  • IT Governance
  • Security Governance
  • IT security policy impl./review
  • IT Security Programme
  • COBIT
  • Sarbanes-Oxley
  • ISO 27001 (17799) gap analysis
  • System audit of various systems. (Windows, Unix family, AS/400, z/OS, Databases, Firewall, IDS …)
  • BCP - Disaster Recovery
  • Penetration Test
  • Incident Response (CIRT experience)
  • CAAT – (ACL, Business Objects)
  • Project Management

Summary

HIGHLIGHTS

Experience: 10 years in

  • IT Audit
  • IT Security
  • Project Management

Education: 4 graduations

  • MSc, Computer Science
  • MSc, Business Information Technologies
  • BA in Public Administration (Minor degree)
  • BSc Regional Planning (Major Degree)

Certification: 4 certificates

  • CISM (Certified Information Security Manager) since 2009
  • CISA (Certified Information Systems Auditor) since 2004
  • CISSP (Certified Information Systems Security Professional) since 2003

Strengths:

  • International job experience in Middle East and Europe in countries such as Turkey, Bahrain, Oman, Qatar, Kuwait, Netherlands and UK.
  • Leader: Managed up to 10 IT Auditors
  • Results-oriented
  • Hands-on experienced
  • Team Player

* * * * * * * * *

INFORMATION SYSTEMS SECURITY GOVERNANCE

  • Information security architecture (SABSA)
  • Security program preparation and implementation
  • Information security strategy, IT security policy implementation, review
  • Business Continuity Plan, Disaster Recovery
  • Determine security requirements and baselines for all home-written application projects including internet banking, telephone banking
  • Review security architecture, define, determine, evaluate existing and new security products, follow Gartner reports
  • Researcher and author of many articles in Information security governance and IT Audit

IT AUDIT

  • Successful completion of more than 100 IT audit reviews, and IT risk analysis.
  • COBIT review, Sarbanes Oxley
  • ISO 27001 (formerly BS 7799) IT Security management gap analyses
  • Prepare annual Risk based audit plan and budget.
  • System audit of various systems. (Windows, Unix, AS/400, z/OS, Databases, Firewall, IDS …)

PROJECT MANAGEMENT

Participation in, or leadership of, IT security/audit software selection projects and installations

COMMUNICATION & ORGANISATION SKILLS

Proven ability to communicate effectively with senior corporate decision makers. Outstanding organisational, follow-up & problem solving skills.

Interest

Trekking, swimming, squash

Objective

Results-oriented, team player, self-motivated, hands-on experienced expert with 10 years of expertise in all facets of IT governance is looking for a managerial position in IT Governance, IT Security or audit field.