В службу доставки продуктов и еды из ресторанов Getir ищут Head of Information Security.
Getir is looking for an experienced Head of Information Security to lead strategy on technology security.
This is a high profile, global role with the opportunity to make a significant impact on the business, as it continues to grow. You will work as part of Global IT Department and be responsible for the key decision making and shaping of a newly defined team.
Getir is the pioneer of ultra-fast delivery. By bringing together great technology with a unique operational model, they were the first to introduce the concept of groceries being delivered to your door in minutes. Technology continues to be at the heart of business as company expands across the globe.
What You’ll Be Doing:
- Define, own, deliver and continuously improve the Information Security strategy for Getir, in line with business objectives
- Hire, develop and lead a strong security specialists across multiple sites and geo locations
- Drive to perform periodic reviews of Getir security compliance programs to support information security standards regulations regional and global, performs risk ranking and reports on non-conformities
- Responsible for ensuring due diligence is performed on third parties where necessary and regular penetration testing of our systems and services. Whilst tracking remediation of findings
- Business owner of creating and maintaining internal security processes, policies and procedures
- Accountable to own and manage updated technology risk register, controls, gaps, remediation, and reporting
- Choosing new security products and conducting the technology research process in responsible areas
- Following the updates about technology security and participating in active studies about the measures to be taken in Getir
- Coordinating Information security awareness trainings within the organisation
- Accountable for the Information Security budget, working with finance partners to track, maintain and forecast
What You’ll Bring:
- 10+ years of experience in Information Security, Governance, Compliance and Risk Management
- Strong people management - Support, promote and develop people within the team, while creating opportunities for them to continuously improve
- Strong interpersonal skills with exceptional stakeholder and vendor management
- Ability to present reports and business cases to senior leadership
- Fluent or very high level of English Language and an excellent communicator
- Understanding of fundamental technical knowledge on cloud-based systems, software development, network and computer systems
- Knowledge on CSA, ISMS, NIST, SANS framework, ISO 27001, SOC2, OWASP and PCI DSS standards and experience with IaaS, PaaS, SaaS, Cloud, traditional infrastructure and application security controls
- Extensive familiarity with regulatory compliance to include but not limited to, KVKK, GDPR relevant legislation and standards for the protection of KVKK, GDPR, information
- Experience in Secure SDLC and worked on the establishment / regulation of the process, and has a good command of threat modelling and security analysis processes
- Experience of architectural planning in related technologies