Getir is a tech company. We are writing the book on super-fast delivery and ‘democratizing laziness’. Our journey started in 2015 by simply bringing groceries to your door, via our simple/sophisticated app. All within minutes. Today, Getir brings hot food, and well your weekly groceries. We see what you need, then we make it!

For our Audit & Corporate Security Department, we are looking for "Information Security Compliance Specialist".

Requirements:

  • 3-4 years of experience in an IT GRC, Information Security, Governance, Compliance and Risk Management
  • Understanding of fundamental technical knowledge on cloud-based systems, software development, network and computer systems
  • Knowledge on CSA, ISMS, NIST, SANS framework, ISO 27001, SOC2, OWASP and PCI DSS standards and experience with IaaS, PaaS, SaaS, Cloud, traditional infrastructure and application security controls
  • Familiar with GRC and TPSA concept, GRC capability areas such as enterprise security, compliance and risk management, policy management, evaluating, mitigating on risk, security awareness training, metrics, and reporting
  • Ability to develop security standards and guidelines based on best practices and industry standards
  • Extensive familiarity with regulatory compliance to include but not limited to, KVKK, GDPR relevant legislation and standards for the protection of KVKK, GDPR, information
  • Experience responding to, analyzing, and communicating information security incidents
  • Demonstrated skills in providing recommendations of mitigating steps to reduce the likelihood of compromise of confidentiality
  • Professional certifications (CISA, CRISC, CISSP etc.) is an advantage

Key Roles and Responsibilities:

  • Serving as a lead internal consultant by working directly with technology and the business to ensure security and compliance needs are factored into processes, projects, services and applications
  • Drive to perform periodic reviews of Getir security compliance programs to support information security standards regulations regional and global, performs risk ranking and reports on non-conformities
  • Establishes, monitors and tests controls, supporting audit readiness. Leads preparation and delivery of evidence and facilitates walkthroughs for audits
  • Performs programmatic third-party assessment and review. Identifies, classifies, tracks, communicates, and mitigates exposures and potential exposures. Utilizes threat modeling to project and communicate potential exposures and justify control implementations
  • Develops implements, maintains, and oversees enforcement of internal security policies and procedures. He also plans and implements data security, system security administration and user system access based on industry-standard best practices and compliance requirements
  • Accountable to own and manage the GRC tool with updated IT risk register, controls, gaps, remediation, and reporting

---

Getir olarak kişisel verilerinizi nasıl işlediğimiz hakkında detaylı bilgi için lütfen Çalışan Adayı Aydınlatma Metnimizi inceleyiniz.

Please see our Candidate Privacy Notice for detailed information on how we process your personal data.