Onur AYYILDIZ
(+90) 534 342 86 39
PROFESSIONEL SUMMARY
Experienced 15+ years in IT industry with the proven ability to design, implement and manage high performance enterprise systems by introducing cost-efficient, advanced technologies that streamline operations. Professional in senior management positions at corporate companies in Information Security, Risk and Compliance, IT Governance, Business Continuity, Infrastructure Management, System Operations, Budget Planning, Service Delivery fields.
Excellent communicator and influencer in working collaboratively with IT leadership teams to define and accomplish project milestones. Highly adept in problem-solving, technology needs assessments and staff training.
Holding industry recognized certifications; #CISSP - #C|CISO - #CEH – #PCI-DSS-ISA
Areas of Expertise :
-
IT and Cybersecurity Strategy, Management and Governance
-
Information Security, Cybersecurity Programs & Management
-
IT Governance, Risk, Compliance and Audit Management
-
Change, Incident, Problem, IT Service Management
-
Business Continuity & IT Disaster Recovery
-
Design and Administer:
-
Windows and Unix based systems and services
-
Database and application architecture
-
Network Infrastructure for data, voice and video transmission
-
Information Security and Data Privacy
-
PROFESSIONEL EXPERIENCES
Head of Information Security & Infrastructure
(2009 - Present)
Anadolu Sigorta - Istanbul, Turkey
Founded in 1925, as a privately-owned insurance company, Anadolu Insurance Company has played an important role in the development of the insurance industry in Turkey. It serves more than 10 million customers with more than 2500 business partner and more than 2000 employees
-
Collaborating with business and technical teams to create, manage, and initiate Cyber Security and Information security strategy to become a part of the culture for the company.
-
Executing the management of the first/second line of defense and offense teams with the help of 15+ cyber security engineers to secure 200+ application and 1500+ servers with 4PetaByte data.
-
Ensuring Cyber Security Operation Center monitors and responding to cyber-attacks 24/7, developing use-cases and playbooks, and conducting vulnerability scans and penetration tests to combat cyber-attacks.
-
·Serve as a key member of the company’s Information Security Compliance Program by supporting ongoing compliance activities and monitoring efforts across different Regulations and GRC Standards (PCI, ISO, GDPR, COBIT others) as applicable and succeeded in being the first insurance company to get PCI DSS compliance certification in Turkey.
-
Consults with information security risk engineers to analyze it environment of vendors providing various IT services to company.
-
·Managing Security operation team which are responsible for;
-
Configuring, troubleshooting and administration of Firewalls, IPS, Anti-Virus, URL Filtering systems.
-
Administration of MPLS, internet, local networks, Load Balancer and VOIP systems
-
Network & Security Administrator
Mavi - Istanbul, Turkey
(2004 - 2009)
-
Managed all network and security infrastructure components.
-
Administration and monitoring of all windows\Linux servers
-
Windows patch testing and distributing.
-
Contributing to disaster recovery system
EDUCATION
KOC University - Istanbul, Turkey
Executive Development Program
Yildiz Technical University (YTU) - Istanbul, Turkey
Mathematic Engineer, Bachelor Degree
SKILLS
Information Security
-
Information and Cyber Security Management.
-
Penetration Testing
-
Vulnerability Management
-
Incident Response
-
Treat Intelligence
-
Information Security Awareness
-
Cloud Security
Network Security Management
-
Firewall, IPS/IDS Management (Checkpoint, Palo Alto)
-
Load Balancer and WAF (Citrix and F5)
-
Antivirus, EDR (Symantec, Carbon Black)
-
URL Filtering (Forcepoint, Palo Alto)
-
SSL-VPN (Checkpoint, Palo Alto)
IT Risk and Governance
-
Cobit, NIST
-
PCI-DSS
-
ISO27001
-
GDPR
-
CIS
-
Business Continuity
Interpersonal Skills
-
Leadership
-
Negotiation and persuasion
-
Problem Solving
-
Resilience
-
Self discipline
-
Team Work
PROJECTS
Cybercop - SaaS Platform for Cybersecurity Rating Software (2022)
I am the owner of the idea. Collaborated with senior management and budget was taken, created a team, managed project from end to end.
What Cybercop do;
-
Solving the risk analysis needs of insurance companies and determine the cyber risks of companies' digital inventories open to the outside world.
-
Monitoring the security performance of third and fourth parties as well as their own security
-
Companies can regularly assess cyber risks in their Digital ecosystems.
Performing Internal/External Audits – (2012-Present)
-
Audit, control, and review more than 50 audits and become the first PCI DSS certificated insurance company in Turkey.
-
Prepared more than 100 document based on regulations and GRC Standards.
Information Security Awareness Education – (2012-Present)
-
Planned and developed an enterprise-wide information security awareness program more than to 5000 users
Setting Up Security Operation Center – 2021
-
Collaborated with a 8 member team that developed a new security operation center, monitoring the system which has 10.000EPS.
-
Setting Up Disaster Recovery Center – 2020
-
Evaluate new DRC environment, updated to ISO22301 framework, and assume responsibility for client BCDR program.
-
Plan and manage IT Disaster Recovery setup Project, had several DRC tests including interruption – simulation – tabletop exercises and reports to senior management.