Data Loss Prevention Tool (DLP)
Ceren UGURLU
Electronic And Communication Engineer / Cyber-Information Security
Istanbul
Summary
Security professional with robust background in managing and leading security teams to safeguard critical assets and environments. Known for implementing effective security protocols and strategies that align with organizational goals, ensuring comprehensive protection. Focuses on team collaboration and adaptability, consistently meeting evolving security needs with reliability and precision. Skilled in risk assessment, data protection, incident response and team leadership.
Overview
12
12
years of professional experience
4
4
years of post-secondary education
2
2
Certifications
2
2
Languages
Work History
Information Security Team Lead
BTCTurk Technology
Istanbul (Remote), Istanbul
03.2022 - Current
- Team Leadership and Management: Led a team of 5 engineers, providing both technical leadership and management guidance, ensuring the team was recognized as the fastest in response time and the best problem solvers, leveraging deep knowledge and experience to tackle complex challenges within the company
- Security Advisory and Risk Management: Collaborated with stakeholders to understand the company's objectives and needs, establishing a security advisory function that aligns with the company's risk tolerance while integrating it with the overall risk management approach and compliance monitoring across all areas
- Security Product Management: Managed security products including firewalls, IPS, DLP, and mail gateways, as well as overseeing Privileged Access Management (PAM) and Identity Management (IDM) solutions, including Cloudflare DDoS Protection, contributing to a more mature security posture
- Information Security Strategy and Governance: Participated in information security committee to define information security strategy, develop policies and procedures, and present security metrics to board of directors
- I am responsible for ISMS and integration of security solutions
- Continuous Security Architecture Improvement: Continuously improved the security architecture to adapt to emerging threats and challenges
- Streamlined communication between security staff and management, leading to faster resolution of issues.
- Increased efficiency of security operations through regular review and optimization of processes.
Information Security Manager
Pasha Bank
11.2019 - 03.2022
- ISO 27001 Certification: Initiated the ISO 27001 processes within one year and successfully achieved certification by the end of the year, implementing a comprehensive risk management and information security governance program for the company
- Attack Detection and Defense: Detect and defend against cyber attacks by analyzing security-related events and alerts through SIEM, while assisting in incident response, remediation, and mitigation activities
- Endpoint Protection Incident Management: Conduct incident investigation and management for endpoint protection solutions, including Endpoint Detection and Response (EDR), malware and antivirus, and XDR technologies, while deploying DLP management infrastructure and managing and tuning DLP policies and configurations
- Participation in Security Audits: Participate in information security audits conducted by external, independent auditors to ensure compliance with industry standards and regulations
- Security Risk and Vulnerability Assessments: Conduct security risk analyses and vulnerability assessments to identify and mitigate potential threats to the organization
- Risk and Information Security Management Systems Oversight: Responsible for the documentation, implementation, and ongoing maintenance of risk and information security management systems, acting as the Information Security Manager
Senior IT Security Engineer
Akbank
09.2017 - 11.2019
- Designed, implemented, and maintained secure network infrastructure, ensuring optimal performance, reliability, and protection against potential threats
- Ensured compliance with standards such as ISO 22301, ISO 27001, and NIST, while managing global data protection solutions
- Promoted a security-first mindset, embedding security considerations across all areas of the business and throughout each project's lifecycle
- Led security awareness and training initiatives, designing e-learning modules and educating employees at all levels about security risks and best practices
- Administered and managed security tools including Firewalls, DLP, IPS, SSL VPN, and Proxy solutions, ensuring their proper configuration, maintenance, and continuous security effectiveness
Information Security Specialist
Turkcell Global Bilgi
07.2016 - 09.2017
- Information Security Governance: Ensured alignment with organizational needs while incorporating legal, regulatory, and contractual requirements into security practices
- Information Security Risk Assessment and Response: Continuously evaluated the emerging risk and threat landscape, performed vulnerability and control deficiency analysis, and conducted general security risk identification and analysis
- Led product-level and PCI DSS security rule risk assessments, recommending appropriate risk treatment, reduction, acceptance, or response options
- Managed risk and control ownership, monitored risks, remediated gaps (often cross-functional), and reported findings to leadership
- Compliance with Information Security Standards: Ensured adherence to information security requirements and standards such as ISO 27001, GDPR, PCI DSS, COBIT, SOX, and internal audit frameworks
- Responded to information security issues throughout each stage of a project's lifecycle
Security Consultant
Komtera
10.2012 - 07.2016
- Provide consulting services to a diverse client base, specializing in Information Security-related projects and standards, with each project customized to meet the unique needs and environment of the client
- Lead security initiatives, including employee training, security infrastructure management, technology selection, risk analysis, and resolving complex security challenges in enterprise environments
- Plan, manage, and execute the installation and operation of key cybersecurity products, such as DLP, IPS, and Firewalls, ensuring their seamless integration and optimal functionality
- Configured corporate network security architecture to align with company-specific objectives and goals, ensuring secure and efficient network infrastructure
- Created and maintained comprehensive network documentation and topology diagrams, ensuring clarity and consistency in network design and configuration
- Managed and operated a range of security tools and products, including Juniper, Check Point, and FortiGate Firewalls, Web Proxy, SSL VPN, DDoS protection, and DLP solutions, optimizing their effectiveness and performance
- Diagnosed and resolved complex network issues, delivering prompt and effective solutions to minimize downtime and maintain continuous operations
Education
Electronic and Communication Engineering -
YILDIZ TECHİCAL UNİVERSİTY
Istanbul, IB 06.2009 - 09.2012
Electronic And Communication Engineering - undefined
NAMIK KEMAL UNIVERSITY
06.2008 - 06.2009
Skills
Data Protection
Compliance
Security Operations
Audit
Access control
Team management
Data protection
Compliance monitoring
Identity management
Patch management
Incident response
Network security
Mobile security
Policy enforcement
Penetration testing
Disaster recovery planning
Vendor risk management
Business continuity planning
Security awareness campaigns
Security strategy development
Security team management
Team leadership
Certification
CISM (ISACA- Certified Information Security Manager)
Membership
Member of a women's cooperative that supports production.
Personal Information
Date of Birth: 06/29/89
Attributes
- Strong problem-solving skills
- Effective communicator
- Keen understanding and ability to adapt to new challenges
Software
Fortigate Firewall
Cyberark PAM
Fortimail Gateway
Cloudflare DOOS
IDM
Websense Proxy
Titus Data Classification
Web Application Firewall
Timeline
Information Security Team Lead
BTCTurk Technology
03.2022 - Current
Information Security Manager
Pasha Bank
11.2019 - 03.2022
Senior IT Security Engineer
Akbank
09.2017 - 11.2019
Information Security Specialist
Turkcell Global Bilgi
07.2016 - 09.2017
Security Consultant
Komtera
10.2012 - 07.2016
Electronic and Communication Engineering -
YILDIZ TECHİCAL UNİVERSİTY
06.2009 - 09.2012
Electronic And Communication Engineering - undefined
NAMIK KEMAL UNIVERSITY
06.2008 - 06.2009