Job Closed

This listing is no longer active.

CivicPlus

Powering and Empowering Government

Information Security Risk Analyst

Security Engineer | Full Time | Remote | Senior | Team 501-1,000 | Since 2001 | H1B Sponsor

Location

United States

Posted

68 days ago

Salary

$80.2K - $117.1K / year

Seniority

Senior

Bachelor Degree | 4 yrs exp | English | Cyber Security

Job Description

  • Identify and translate inherent and residual risk through likelihood, impact, treatment plans, and ownership.
  • Define and track risk and awareness key metrics to measure program effectiveness and communicate to leadership and governance committees.
  • Conduct and manage enterprise information security risk assessment through recognized frameworks (including NIST 800-30) and maintain an information security risk register.
  • Lead third-party security risk assessments for vendors, partners, and service providers through analysis of assurance documentation, security testing summaries, and security questionnaires.
  • Maintain the information security risk register and third-party vendor risk inventory to track and monitor ongoing risks and approved exceptions.
  • Develop and lead enterprise security awareness training, including phishing simulations and targeted role-based training for security education and reporting.
  • Support internal and external security and compliance assessments through risk evidence and documentation.
  • Partner closely with organizational functions and key stakeholders to understand and address organizational risks across systems and processes, and ensure security risks are understood, prioritized, and treated in alignment with organizational risk appetite.

Job Requirements

  • 4–6 years of experience in information security, cybersecurity, risk management, or a related field
  • Working experience managing enterprise/third-party risk assessments, risk registers, and security training programs
  • Working experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI, and/or SOC 2
  • Certifications: Security+, GSEC, or equivalent
  • Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Risk Management, or a related field (preferred)

Benefits

  • Comprehensive health insurance
  • Dental insurance
  • Vision insurance
  • Flexible Time Off
  • 401(k) plan
  • and more.

More Security Engineer Jobs

Senior Manager, Information Security

Sprinto

Sprinto helps SaaS companies become info-sec compliant, unblock sales deals, and pass security reviews easily

Full Time | Remote | Team 51-200 | Since 2020 | H1B No Sponsor

  • Own end-to-end compliance strategy and build a comprehensive compliance roadmap aligned with business objectives
  • Conduct risk assessments and identify compliance risks specific to SaaS business models; develop mitigation strategies
  • Establish and maintain compliance processes, procedures, and documentation; ensure adherence to regulatory frameworks
  • Build compliance programs from the ground up and coordinate compliance audits and assessments
  • Work closely with legal, engineering, product, and business teams to provide compliance guidance
  • Manage relationships with external compliance consultants and auditors
  • Lead compliance training initiatives across the organization
  • Provide insights and opinions on compliance risks and opportunities in the SaaS industry

India

Information Security Specialist

Insider One

The #1 platform that brings everything marketing and customer engagement teams need in one place, to become unstoppable.

Full Time | Remote | Team 1,001-5,000 | Since 2012 | H1B No Sponsor

We are looking for a highly motivated and detail-oriented Information Security Specialist to join our growing security team. The ideal candidate will be responsible for ensuring the organization’s compliance with security standards such as ISO 27001 and SOC 2 Type 2, managing business continuity processes, and supporting security governance on AWS environments. This role requires a proactive mindset, strong technical knowledge, and a good understanding of both internal IT systems and regulatory frameworks like KVKK and GDPR.

  • Drive the implementation and continuous improvement of the ISO 27001 Information Security Management System (ISMS)
  • Conduct and document internal audits and follow up with action plans
  • Coordinate and enhance business continuity and disaster recovery processes
  • Support SOC 2 Type 2 compliance efforts and evidence collection
  • Provide governance support for AWS infrastructure and cloud security configurations
  • Collaborate with internal Red Team and Blue Team to follow up on technical findings
  • Maintain, update, and implement security policies, standards, and procedures
  • Plan and execute security awareness programs (training, campaigns, gamification, etc.)
  • Assess third-party security through security assurance reviews
  • Support security incident handling and security reporting processes
  • Provide input on privacy regulations (KVKK, GDPR) and ensure alignment with global policies
  • Act as a security consultant to business units and IT teams

Turkey

Senior Security Engineer – Blue Team

Insider One

The #1 platform that brings everything marketing and customer engagement teams need in one place, to become unstoppable.

Full Time | Remote | Team 1,001-5,000 | Since 2012 | H1B No Sponsor

  • Management and Maintenance of SIEM Tools: Configuring, monitoring, and enhancing SIEM functionalities.
  • Rule Creation and Optimization: Developing rules, reports, dashboards, and use cases to detect threats and attacks.
  • Threat Analysis: Analyzing threats using logs, IPS/IDS, cyber intelligence reports, and other data sources.
  • MITRE ATT&CK Framework Integration: Reviewing existing rules and developing new attack detection scenarios.
  • Incident Response: Taking an active role in detecting, analyzing, and mitigating security incidents.
  • False Positive Reduction: Working with CDC Engineers to optimize detection logic and minimize false positives.
  • Log Management: Importing and troubleshooting logs from various security products and company-wide log sources.
  • Security Metrics & Reporting: Defining and monitoring key security metrics, creating dashboards and reports.
  • Database and EDR Tool Management: Maintaining, optimizing, and enhancing security configurations.
  • Cyber Intelligence & Threat Hunting: Staying updated with the latest cyber threats and integrating threat intelligence into security operations.

Turkey

Senior Security Engineer – Red Team

Insider One

The #1 platform that brings everything marketing and customer engagement teams need in one place, to become unstoppable.

Full Time | Remote | Team 1,001-5,000 | Since 2012 | H1B No Sponsor

  • Performs web, mobile application, and internal penetration tests, source code reviews, threat analysis, and social-engineering assessments.
  • Supports blue teams when needed.
  • Researches new attack vectors and stays current with cybersecurity news and trends.
  • Trains Quality Assurance and Development teams in standard security testing techniques and secure software development.

Turkey