PASHA Holding invites experienced candidates to fill the position of IT and IS Risk Senior Specialist within the Group Risk Management Department.
Job description:
- Lead Group-wide security-related projects/initiatives;
- Understand and communicate legal and regulatory requirements on IT and information security;
- Contribute to the standard for IS, IT Risk reporting and KRI monitoring across PH group companies;
- Determine IT and IS risks associated with Corporate Center operations to implement necessary measures;
- Conduct comprehensive reviews and provide insightful evaluations on the current state of IT, Information Security, and Cybersecurity controls;
- Design and maintain information security policies, requirements in projects, products and services;
- Review information systems and processes, data governance processes, ensuring appropriate user permissions and adherence to security protocols;
- Analyze Strategic Asset’s requests on Risk Health Index (RHI) IT/IS/ data and metrics with PH Group companies;
- Assess, identify and document internal and external IT/IS threats and risks and their impact;
- Manage information security and digital fraud awareness initiatives;
- Lead the investigation and reporting of security breaches, documenting the incident and the extent of damage caused;
- Report on a regular basis and upon request to different levels of management;
- Communicate clearly to a wide range of audiences and form trusting relationships.
Experience, Competencies and Skills Required:
- Relevant academic qualifications, university degree in Information Security, Informatics, Computer Science, Management of Information Systems;
- Work experience in information security and IT;
- Good understanding of OSs, networking and firewalls; familiarity with Application Security, Virtualization, Cloud Security and Data Privacy;
- Understanding of concepts related to information systems, including security and control risks such as logical and physical access security, change management, information security and privacy, business recovery practices and network technology;
- Completion of one of the certifications such as CRISC, CISM, CISSP, ISO/IEC 27005 Risk Management, or one specific to the information technology industry such as Certified Network Engineer, Certified Security Professional, or another certification;
- Previous experience with Information Security standards and regulations such as the ISO 27k Family, NIST, PCI DSS, etc.;
- Good understanding of information security paradigms and Risk Management concepts;
- Work experience and sound knowledge of the bank/insurance industry;
- Writing and documentation skills;
- Confident written and verbal communication skills along with the ability to present technical information to both technical and non-technical audiences.
How to apply:
Interested candidates are requested to submit the application form:
Attention: Candidates will go through an initial CV screening review. ONLY those candidates who succeed in the CV screening will be contacted via email and/or phone and invited to an interview.