Cesur C.

Cyber/IT Audit VP

MUFG

Dec 2024 - Present • 1 yr 5 mos

• Lead and support the design of the $500M+ global cybersecurity audit portfolio spanning across different regions (Americas, Europe, and Asia), ensuring audit coverage aligns with enterprise technology and cyber risks resulting in 20% reduction in overall residual IT/cyber risk. • Partner with first line and second line teams to evaluate cyber risk exposure and challenge risk ratings based on threat intelligence and control effectiveness. • Assess AWS and Azure cloud environments including IAM design, encryption controls, key management, network segmentation, container security, and infrastructure-as-code configurations. • Drive automation and AI-enabled audit initiatives (SQL, Python, Alteryx), reducing manual audit effort by ~25% while improving risk identification coverage across key control areas. • Develop and report cybersecurity Key Risk Indicators (KRIs) to executive leadership and audit committees, highlighting trends in vulnerability exposure, privileged access risk, and remediation effectiveness. • Oversee validation of Management Action Plans (MAPs), ensuring remediation actions were sustainable and effectively reduced residual cyber/IT risk. • Led enterprise cybersecurity audits as Auditor in Charge (AIC) across Threat & Vulnerability Management, Patch Management, Active Directory security, Ransomware Awareness, Privileged Access Management (PAM), and cloud infrastructure controls aligned to zero trust principles. • Effectively coach, teach, mentor, and develop analyst and AVP level colleagues across all aspects of their role, the audit and analytic lifecycle, audit methodology and best practices of cybersecurity.

IT Audit Manager

Protiviti

Nov 2022 - Nov 2024 • 2 yrs

• Managed cybersecurity focused engagements for Fortune 500 companies across financial services and technology sectors, delivering risk-based IT/cybersecurity audit and advisory services valued at $1.5M+ annually. • Conducted cloud security assessments (AWS/Azure), evaluating IAM configurations, encryption controls, logging and monitoring, which decreased privilege escalation and data exposure risk by ~30% • Reviewed enterprise vulnerability management programs including scanning coverage, risk-based prioritization models, remediation SLAs, and executive reporting processes. • Facilitated cybersecurity risk assessments and control design workshops with first-line technology and security teams. • Led multidisciplinary teams of 2-4 auditors through full audit lifecycle (planning, fieldwork, reporting) for complex technology audits including cloud security assessments, IAM reviews, and cybersecurity controls evaluation. • Developed cybersecurity KRIs and executive reports which include trends in vulnerability exposure, privileged access risk, and remediation effectiveness, enhancing board-level visibility and supporting risk appetite alignment.

Senior IT Auditor

Turkish Airlines • Full time

Jul 2017 - Nov 2022 • 5 yrs 4 mos

Directed enterprise-wide IT audit program covering global operations across 50+ countries, managing annual audit plan encompassing IT general controls, application controls, and business process audits. Led high-impact audit engagements for critical business functions including $15B+ insurance portfolio, baggage management systems, treasury operations, and HR systems, identifying control deficiencies that mitigated $2M+ in potential losses.