BURHAN CIMEN

- Group-wide information security governance, risk and compliance management - Deployed group-wide Bug Bounty and Vulnerability Disclosure programs - Managed multiple information security hardening projects to improve resiliency - Designed and established group wide audit findings remediation programme

Infosec program management, policy generation/enforcement. Consultancy for strategic services/applications. Cloud infrastructure security architecture design and consultancy for AWS and Azure. Threat, risk and control assessment framework design and implementation for application assessments. Raised maturity ratings of services by effective audit preparation and support on control implementation. Extensive use of data for decision making by using tools like Powershell, Powerbi, Servicenow.

Managed various information security focused global internal audits covering products and infrastructure that support whole world. Extensive value-add via audits that scope technologies such as virtualization, cloud services, NIPS, Anti-DDOS, SIEM, cloud proxy. Consultancy for control design and audit finding treatment. Incorporated data extraction and analysis skills to the audit team using powershell and various reporting solutions to support automated evidence collection and finding documentation.

Implemented IT internal control framework to ensure confidentiality, integrity and availability of customer information. IT security and process advisory services for all financial processes Active support and involvement in control design and implementation.

Managed various cybersecurity oriented including physical security, perimeter security components, malware protection, customer facing services like DDOS mitigation, mobile payment carrier gateway Consultancy and compliance reviews on ISO27001, COBIT and PCI-DSS including subsidiary Lifecell Ukraine Practiced continuous auditing by using and processing data from various data sources, extensive usage of SQL for this purpose.

- Lead auditor on various audit projects including local/international subsidiaries, topics contain various COBIT processes, business processes including Credit/Debit Card Management Systems, POS Systems, Loan management etc., Physical Security, Network Security, Mainframe Systems Security - Actively participated in annual audit planning and audit risk management. - Lead consultant projects on IT operational risk management, alignment of IT to enterprise risk management. - Internal trainer