Drive the implementation, maintenance, and continuous improvement of the ISO 27001 Information Security Management System (ISMS), including control maturity tracking and audit readiness
Support SOC 2 Type II compliance efforts, including control implementation, evidence collection, and audit coordination
Conduct and document internal audits, manage findings, and follow up on remediation plans across teams
Own and evolve the company-wide risk management program, including risk register, scoring methodology, risk acceptance, and exception processes
Provide governance and security oversight for AWS environments, including cloud security posture, access controls, and configuration baselines
Collaborate with Red Team and Blue Team to track, prioritize, and close technical security findings
Maintain, update, and enforce security policies, standards, and procedures across the organization
Design and execute security awareness and training programs tailored to different roles (engineering, ops, business)
Lead third-party/vendor security assessments, including risk evaluation, tiering, and continuous monitoring
Support and coordinate security incident handling, reporting, and post-incident review processes
Contribute to data protection and privacy governance (KVKK, GDPR), including DPIA processes and data lifecycle management
Drive AI / LLM governance practices, including secure usage policies, data exposure controls, and risk assessments for AI tools
Act as a security consultant to business units and engineering teams, supporting secure architecture, design reviews, and risk-based decision making
Contribute to security architecture and design review processes, including threat modeling and secure design guidance
Coordinate and enhance business continuity and disaster recovery (BCP/DR) processes, including testing, documentation, and continuous improvement
Requirements
Strong knowledge of ISO 27001, ISMS processes, internal audits, and control frameworks
Hands-on experience with risk management practices, including risk identification, scoring, and mitigation tracking
Experience in Business Continuity Management (BCM) and disaster recovery planning
Solid understanding of AWS services and cloud security governance, including IAM, logging, and baseline hardening
Familiarity with SOC 2 Type II framework and control domains
Understanding of data security concepts, including data classification, data inventory, and data protection mechanisms
Experience with vendor security and third-party risk management processes
Knowledge of privacy regulations such as KVKK and GDPR, including practical implementation
Familiarity with AI/LLM risks and governance concepts is a strong plus
Strong documentation and reporting skills for audits, compliance, and executive visibility
Experience in responding to customer security questionnaires and audits
Strong analytical thinking and ability to assess both technical and business risks
Ability to take ownership of security domains and drive initiatives end-to-end
Excellent written and verbal communication skills in English
Strong collaboration skills with both technical (engineering, DevOps) and non-technical teams
Ability to understand and communicate the business impact of security decisions
Capable of evaluating the security posture across cloud, application, endpoint, and data layers
Comfortable acting as a trusted advisor and consultant to internal stakeholders
Proactive mindset with a focus on continuous improvement
Willingness to provide on-call support for security-related incidents when necessary
Ownership of security projects from planning to execution and closure
Ability to track, validate, and close findings from audits, pentests, and internal reviews
Experience working with ticketing systems (Jira, etc.) to manage security tasks and follow-ups
Actively contributes to team collaboration, knowledge sharing, and process improvement
Ability to communicate clearly with internal teams, auditors, and external stakeholders
Maintains a positive and solution-oriented mindset in a fast-paced environment
Tech Stack
AWS
Cloud
Benefits
Enjoy a monthly meal allowance designed to enhance your daily routine.
Access comprehensive private health insurance.
Feed your curiosity with access to Spotify, LinkedIn Learning, Blinkist, MasterClass, Neoskola, and CloudGuru.
Level up with internal trainings covering AI fundamentals, coding, foreign languages, and a wide range of personal development skills.
Be part of a diverse team that’s as global as it gets, where every voice is heard and 50+ nationalities build together.
Become a Shareowner through our eligibility-based “ESOP” and own a piece of what you build.
Help build the team you want to work with and enjoy rewarding referral bonuses.
Opportunities to give back to your community through volunteering and purpose-driven social impact projects.
From global retreats to team-building activities, expect year-round events that turn into lifelong memories.
Get inspired by the greatest minds in the tech industry through events like our Tech & Dev Talks.
Work from anywhere in Turkey through our fully remote setup.