IT and IS Risk Specialist

13 April 2021 - 2 August 2021

PASHA Holding invites experienced candidates to fill the position of IT and IS Risk Specialist within the Group Risk Management Department.

Job description:

  • Review IT, operational and business risks, functions and activities, and evaluate their impact in order to determine and recommend the relevance of proposed solutions;
  • Ensure that information security and cyber controls operate effectively, and recommend and implement design improvements and enhancements;
  • Assist in the development of Data Management, IT and Information Security standards and best practices for the organization and recommend security enhancements;
  • Participate in deployment of security frameworks and solutions;
  • Prepare reports that document security breaches and the extent of the damage caused by the breaches;
  • Review and submit evaluations on the current status of IT, Information Security and Cyber Security controls;
  • Monitor use and regulate access to information systems;
  • Assist with the enterprise information security awareness program;
  • Monitor compliance with IS policies, standards, guidelines and procedures;
  • Project management for security related requirements;
  • Consistently track all new IT and Information Security risks and vulnerabilities that could impact the company;
  • Challenge the effectiveness of controls across the Group utilizing both internal and external data to provide context to management;
  • Communicate clearly to a wide range of audiences and form trusting relationships.

Experience, Competencies and Skills Required:

  • Relevant academic qualifications, university degree in Information Security, Informatics, Computer Science, Management of Information Systems;
  • Work experience in information security and IT;
  • Good understanding of OSs, networking and firewalls; familiarity with Application Security, Virtualization, Cloud Security and Data Privacy;
  • Understanding of concepts related to information systems, including security and control risks such as logical and physical access security, change management, information security and privacy, business recovery practices and network technology;
  • Completion of one of the certifications such as CRISC, CISM, CISSP, ISO/IEC 27005 Risk Management, or one specific to the information technology industry such as a Certified Network Engineer, Certified Security Professional, or other certification;
  • Previous experience with Information Security standards and regulations such as ISO 27k Family, NIST, PCI DSS, etc.;
  • Good understanding of information security paradigms and Risk Management concepts;
  • Work experience and sound knowledge of the bank/insurance industry;
  • Writing and documentation skills;
  • Confident written and verbal communication skills along with the ability to present technical information to both technical and non-technical audiences.

How to apply:

Interested candidates are requested to submit:


Attention: The candidates will go through an initial CV screening review. ONLY those candidates who succeed based on CV screening will be contacted via email and/or phone and will be invited to an interview.
