Kenan YILMA

Experience

• 

  Kentbank

  Nov 1998 - Oct 2000

  Systems Support Specialist

  Team member of "Systems and Network Support Department"- Administration of Microsoft Server Products (Windows NT, MSSQL, SMS, IIS)- Administration of Messaging Systems (MS Exchange, Lotus Notes / Domino)- Administration of Security Systems (CheckPoint, Norton, RSA Securid)

• 

  Koc.net

  Sept 2000 - Apr 2005

  Enterprise Management Specialist

  Team member of "Enterprise Management Systems Department"- Network and systems management with Unicenter NSM- Windows, Solaris, Linux, Exchange, SQL, IIS- Performance and capacity management- Backup and storage management- Asset management and software delivery- Administration of antivirus / antispyware systems- Shell, VB, WMI, PERL and SQL Scripting

• 

  Koc.net

  Feb 2006 - Jul 2008

  Security Senior Specialist

  Team member of "Security Services and Security Audits Department"- Implement and maintain ISMS / ISO 27001- Develop security policies and procedures- Perform security risk management activities- Identify legal and regulatory (BTK) requirements- Business continuity and disaster recovery planning- Incident response and analysis- Security awareness and training- Perform information security and IT Audits- Penetration testing and vulnerability assessment- Administration of Firewalls, IDS / IPS, URL filtering- Knowledge of IDM and SIEM solutions. Show less

• 

  IBTECH A.S.

  Aug 2008 - Mar 2018

  Information Security Manager

  Responsible for information security management and directly works with CISO.- Develop information security strategy aligned with business goals and objectives.- Identify legal and regulatory (BDDK) requirements affecting information security.- Develop and maintain plans to implement the information security strategy.- Establish and maintain information security policies, standards and procedures.- Develop information security architectures (people, process, technology).- Perform risk management activities including assessment, treatment and reporting.- Integrate information security requirements into software and infrastructure projects.- Provide information security advice and guidance in the organization.- Coordinate and track information security committee activities.- Design and develop program for information security awareness, training and education.- Perform third party security assessments and integrate security requirements into contracts.- Monitor and evaluate the effectiveness and efficiency of information security controls.- Develop processes for detecting and responding to information security incidents.- Identify root causes of incidents, manage corrective and preventive actions. Show less

• 

  SOCAR Türkiye

  Mar 2018 - Jul 2024

  Head of Information Security

  Responsible for Information & Cyber Security function at SOCAR Turkey and group companies (Including Petkim, Star Rafineri, Kayserigaz and Bursagaz) * Leading Information Security Management and Cyber Security Services departments.* Develop and implement security strategy, roadmap, policies and procedures* Establish governance framework, security organization and responsibilities.* Implement and maintain ISMS/ISO27001, perform risk management activities* Evaluate and implement security controls to comply with EPDK/KVKK/CBDDO requirements.* Design security metrics and dashboards to monitor effectiveness of security controls.* Implement and operate cyber defence center to detect and respond incidents.* Design and delivery of security services for IT & OT/ICS (industrial control systems) including; ◦ Log management (SIEM), SOAR, DB auditing, integrity monitoring, SAP security. ◦ EDR & NDR (endpoint / network detection response) & mobile (ios/android) threat defense. ◦ Data classification, discovery, DLP (data leakage prevention). ◦ Cyber threat intelligence, APT sandbox, breach & attack simulation, phishing simulation. ◦ Vulnerability assessments, application security testing and penetration tests. Show less