Papara has been on a mission to create the best financial experience for its users. With over 22 million users, we are a leading fintech company based in Turkey. We provide fast, simple, affordable, and fun financial services. In short, we are the future of banking and finance.
We use design and technology to give our users the financial experience they deserve. Having succeeded nationally, we are now on a mission to bring our expertise to the global scale and make millions of transactions every day.
Papara offers you an opportunity to use the latest technologies to build scalable, high-performing financial services. You will work in a fast-paced environment and be part of a team that constantly develops and renews itself.
If you share that passion and believe in our mission, come and join us!
What You’ll Do?
- Lead and execute comprehensive IT audits, ensuring alignment with Information Systems Regulation and the annual audit plan.
- Manage and oversee security controls across software and hardware infrastructure, network security, and data management processes.
- Conduct in-depth security assessments and risk analyses of complex information systems to identify vulnerabilities and recommend mitigations.
- Ensure that web applications, APIs, and cloud services are developed and maintained in strict adherence to security policies and compliance standards.
- Define and enforce Secure Development Lifecycle (SDLC) standards, collaborating with product architects to ensure engineering teams follow best practices.
- Review and optimize IT processes, providing strategic recommendations for continuous improvements.
- Ensure timely resolution of audit findings, maintaining a strong feedback loop for continuous security enhancement.
- Stay ahead of emerging technologies, IT risks, and regulatory changes, particularly in the fintech sector, to strengthen the overall control environment.
- Collaborate effectively with external auditors and regulatory bodies on IT control audits and examinations.
- Report audit results and findings to the Board of Directors, ensuring transparency and clear communication of risks.
Who You Are?
- Bachelor's degree in Computer Engineering, Electrical/Electronics Engineering, Management Information Systems, or a related field.
- Over 8 years of experience in IT auditing or IT controls, with a focus on financial institutions or fintech environments.
- Deep understanding of software technologies, architecture, communication networks, operating systems, and security threats.
- Industry-recognized certifications (CISA, SPL Independent Audit License, CISM, ISO 27001, etc.) preferred.
- Expertise in control frameworks such as NIST, OWASP, COBIT, ISO 27001, and ITIL.
- Advanced knowledge in networking, TLS, mTLS, and network policies.
- Extensive experience with OWASP security best practices and Secure SDLC processes.
- Solid technical foundation in system and network security.
- Proficient in static code analysis, vulnerability management, and SDLC processes.
- Skilled in SAST, DAST, and SCA management tools (Invicti, Fortify, Xray, AttackFlow).
- Scripting knowledge (Python, PowerShell, JavaScript, etc.) and CI/CD process experience.
- Experience in API security, with a deep understanding of security protocols and solutions.
- Excellent verbal and written communication skills in English.
- Proven team management experience, with a strong focus on collaboration and leadership.
- Expertise in tracking technological advancements and applying them to security and risk management practices.