Information Security Engineer - Security and Risk Management - Hybrid

Ready to learn more about us?
We were founded in 2010 with a dynamic and agile start-up spirit. The trust of around 30 million customers and 250,000 sellers has made us the first decacorn in Turkey. Our success is backed by renowned investors such as Alibaba, General Atlantic, Softbank, Princeville Capital and several sovereign wealth funds. In 2022, we opened our first dedicated international office in Berlin and expanded to Amsterdam, Luxembourg and London. And that's just the beginning!
Tech at the root
We believe that technology is the driver and e-commerce is the outcome. Thanks to the dedication of our team, we have become one of the top 5 e-commerce companies in EMEA and one of the fastest growing worldwide. We currently deliver over 1.5 million parcels daily to 27 countries.
Growth is in our DNA
As a young and dynamic company, we are constantly growing and expanding. With Trendyol Tech, one of the leading R&D centres, Trendyol Express, the fastest growing delivery network, Dolap, the largest platform for second-hand goods, and Trendyol Go, our instant food and grocery delivery service, we are gearing up to become the world's leading e-commerce platform.
Focused on positive impact
Our vision goes beyond business success. We strive to make a sustainable and positive impact on our customers, business partners, and society. By digitizing merchants and SMEs, helping businesses grow, and promoting women's economic empowerment, we are dedicated to creating a better future.
ABOUT THE TEAM
If you are a techie, you belong in our Technology Team that builds scalable, high-performance platforms for our customers using up-to-date and efficient technologies.
We are all working with the same purpose: To create a positive impact in our ecosystem by enabling commerce through technology.

Your Main Responsibilities

• Assisting the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security, risk, and compliance.
• Good knowledge of operating systems, network infrastructure, firewalls, and database security,
• Identifying security risks, creating and monitoring an action plan to eliminate risks
• Maintaining KVKK, GDPR, PCI-DSS, ISO 27001 compliance and periodic audits and controls within this scope. Also, help the Technology team in the phase of implementation of these regulations
• Taking part in periodic and effective user awareness programs
• Helping to reduce information security risks generated by all functions and third parties
• Conduct technical reviews for new features and identify privacy and compliance concerns. Work closely with technical and non-technical teams, including Engineering, Product and Legal in order to mitigate security, privacy and compliance risks.
• Fluency in English

Qualities We Are Looking For

• Proficiency in developing information security policies and procedures
• Proven records of executing programs that meet the objectives of excellence in a dynamic environment
• Play a key role in driving large cross-company security, privacy and compliance reviews of products and features.
• Being a critical thinker, with strong problem-solving skills
• Having Project management skills
• Manage information security related incidents
• Knowledge and understanding of relevant legal and regulatory requirements, such as PCI-DSS, KVKK, GDPR and BDDK regulations
• Having CISSP certification (preferred)
• 2+ years of experience with Data Protection and Banking regulations (preferred)
• Having experience with coding and system design review (preferred)