Security Engineer, GRC

Help build development and enforcement of security policies, standards, and procedures across the organization

Lead efforts to monitor, interpret, and implement regulatory obligations (e.g., KVKK, MASAK, SPK, ISO 27001), and keep the company ready for audits and regulatory changes.

Maintain and evolve our Trust Center to ensure it accurately reflects our security and privacy posture, expanding its scope as new compliance frameworks and business needs emerge.Set standards and deliver policies on data privacy and consumption for internal & external customers

Track, document, and report on the status of security controls, audits, and compliance initiatives

Support the design, implementation, and continuous improvement of the information security governance framework

Collaborate with security, engineering, infrastructure, and product teams to align controls with business and technical processes

Promote security awareness and risk ownership across business units through structured communication and training initiatives

Support internal and external audit processes by coordinating evidence collection, preparing documentation, and ensuring timely remediation of findings

Plan and conduct annual information security risk assessments and third-party vendor evaluations, ensuring all identified risks are documented, prioritized, and remediated in alignment with the company's risk appetite and compliance obligations.

Design, deploy, and maintain technical controls for encryption at rest and in transit, tokenization, and data masking, implement and oversee PAM and Secrets Management solutions.

Proven experience in security governance, risk management, or compliance roles

Solid understanding of information security principles and regulatory frameworks (e.g., ISO 27001, NIST CSF, COBIT, KVKK, SPK)

Familiarity with risk assessment methodologies and tools

Experience in writing and maintaining security documentation and policies

Ability to translate regulatory and technical requirements into actionable internal processes

Strong communication skills with both technical and non-technical audiences

A structured, detail-oriented mindset with a passion for consistency and accuracy

Fluency in English 

Nice to have: Experience working in regulated environments such as fintech, banking, or SaaS