Recommended expert

Serdar Colak

Consultant

Cologne, Germany

Experience

Jun 2024 - Present
1 year 9 months
Cologne, Germany

Consultant

Freelance

  • ISO 27001 implementation & audit readiness
  • NIS2 & DORA compliance support
  • Interim / fractional CISO services
  • IT risk & controls (ITGC, SOX, COBIT, BAIT)
  • M&A and IT due diligence for startups/ventures
  • Business continuity management (BCM, ISO 22301)
  • Cybersecurity framework development (NIST, ISO, BSI)
  • GRC tool advisory (Archer, ServiceNow)

Mar 2024 - Present
2 years
Cologne, Germany

Senior Advisor

SoSafe

  • Provide strategic advice on market entry and growth opportunities in the Middle East and Turkey
  • Collaborate with sales and marketing teams to tailor offerings to regional market needs
  • Establish and maintain relationships with key stakeholders and potential clients in the Middle East and Turkey
  • Develop and execute go-to-market strategies to increase SoSafe’s presence and market share in these regions

Apr 2013 - Sep 2023
10 years 6 months
İstanbul, Turkey

Chief Risk and Security Officer

Credit Bureau of Turkey

  • Built and led 50+ FTE across risk management, information security, BCM, IT governance & compliance, 24/7 cyber defense center, enterprise/IT process management, sustainability, RPA, and audit coordination for HQ (Istanbul) and Turkey’s largest financial data center (Ankara)
  • Initiated and developed all departments under responsibility from scratch, assembling and leading one of the largest teams in HQ Istanbul and the biggest service-providing datacenter in Turkey, in Ankara
  • Chaired the Risk Management, Business and IT Continuity, Information Security, Sustainability, ISO Coordination and Enterprise & IT Process Management Committees
  • Served as a member of the Audit Committee with the heads of internal audit & continuous monitoring
  • Implemented and managed various IT risk & compliance and cybersecurity infrastructures, processes, and teams, achieving recognition as the “Best Security Team” by FireEye
  • Spearheaded the design and implementation of one of Turkey's largest data centers, ensuring alignment with BCM and IT risk & compliance and security standards
  • Founded and managed one of the first 24/7 Cyber Defense Centers in Turkey
  • Implemented certification processes for ISO 27001, ISO 22301, ISO 20000, ISO 14000, and ISO 31000 for HQ and the Anadolu Data Center
  • Developed and implemented a comprehensive BCM framework, including risk assessments and crisis planning
  • Architected and managed GRC infrastructure and processes (ServiceNow and RSA Archer), establishing a dedicated third-party risk assurance team
  • Sponsored and led an enterprise-level transformation project with IBM, implementing active-active architecture for primary systems to enhance resilience and service continuity
  • Acted as primary point of contact for IT audits, managing evidence collection, audit lifecycle, and closure of findings, and led audit readiness and remediation programs for ISO, ISAE 3402, COBIT & ITGC
  • Coordinated IT and enterprise advisory projects, restructuring enterprise & IT functions and processes using best practices (Agile, ITSM, Lean)
  • Implemented and managed an RPA framework and fully functioning RPA team
  • Led the Digital Transformation in Enterprise Processes Project, converting business processes into an analyzable and measurable BPM platform
  • Created an operational performance measurement platform (KPI/KRI dashboards)
  • Initiated and implemented an OKR-based corporate strategic management program for business and IT
  • Established a sustainability framework and reporting system, including pioneering the world's first carbon footprint calculation for a data center
  • Led M&A and IT due diligence for fintech/startups; evaluated architecture, security, data protection, scalability, regulatory fit; defined remediation plans and integration paths
  • Designed and operated a startup enablement program providing no-cost IaaS/PaaS capacity in the Anadolu Data Center with onboarding controls, tenancy isolation, guardrails, and exit policies
  • Led finance sector events, bringing together key decision-makers in information security
  • Coordinated the BCM community, fostering collaboration and knowledge exchange among industry professionals
  • Organized and led gatherings with the Disaster Recovery Center of Turkey, sharing best practices and advancing disaster recovery and crisis management strategies

Dec 2007 - Apr 2013
5 years 5 months
İstanbul, Turkey

Manager: Risk Assurance Services

PwC

  • Orchestrated the direction and expansion of PwC's IT advisory and IT audit services within the RAS team, leading projects across financial services, technology, communications, entertainment, and consumer & industrial sectors
  • Championed IT governance, IT security, IT strategy, IT service management, IT organization design, IT risk management, IT audit, internal control, enterprise risk management, regulatory compliance, and IT efficiency
  • Managed and executed IT advisory and audit projects for local and international banks and financial institutions (Deutsche Bank, WestLB, JP Morgan Chase, Millennium BCP, Eurobank, National Bank of Greece, Isbank), focusing on enhancing IT governance and security & risk management frameworks
  • Led digital transformation projects reshaping IT organizational structures, business models, operating processes, IT frameworks, and vendors using cutting-edge technologies
  • Spearheaded business and IT continuity audits and advisory projects, developing robust resilience frameworks including information security continuity processes
  • Led efficiency projects for IT management services, enhancing operational effectiveness and optimizing resource utilization
  • Conducted compliance assessments and strategic implementations of COBIT, ITIL, ISO 27001, ISO 22301, BS25999, ISAE 3402, and Sarbanes-Oxley Act
  • Directed cybersecurity professionals in penetration tests, vulnerability identification, and actionable remediation strategies
  • Instructed courses on ISO and COBIT implementation, operational effectiveness in IT, and IT general controls and IT audit

Sep 2006 - Sep 2007
1 year 1 month
New York, United States

Senior Consultant / Business Analyst

Satreno Consulting

  • Excelled in SAP BW&BI for financial reporting and analytics, advancing clients' financial data processing and reporting frameworks
  • Developed functional specifications for ERP enhancements, focusing on interfaces, customizations, and data conversions
  • Orchestrated the ERP project lifecycle from analysis and conceptual design through development, testing, deployment, and post-implementation support
  • Developed documentation capturing system processes and user guides, and led end-user training sessions to ensure smooth transitions and sustained operational excellence

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Banking and Finance (16 years), Information Technology (8.5 years), and Professional Services (8.5 years).


Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (18.5 years), Audit (17.5 years), Project Management (11.5 years), Marketing (2 years), Sales (2 years), and Strategy (2 years).


Summary

Visionary leader with deep expertise in IT Risk and Information Security developed through Big Four consulting and impactful leadership roles in financial services. Proven ability to lead and scale high-performing teams, develop new service lines, and advise C-level executives on regulatory and strategic matters across Europe and the Middle East.

Skilled in aligning IT risk with business goals, building resilient GRC frameworks, and driving innovation in regulated environments. Recognized with global awards for excellence in business continuity, information security, and IT governance.

Extensive experience with ISO standards (27001, 22301, 31000), ITIL, COBIT, SOX, PCI-DSS, ISAE 3402, SOC 2, and GRI. Trusted advisor in boardrooms, known for turning complex technical challenges into strategic growth opportunities.

Skills

  • IT Risk Management
  • Enterprise Risk Management
  • IT & Business Continuity
  • Information Security Management
  • Cyber Defense Center / SOC
  • IT Compliance & Audit / CISA
  • COBIT
  • GRC
  • ISO 27001
  • ISO 22301
  • ISO 31000
  • PCI-DSS
  • ISO 14000
  • TOGAF
  • IT Enterprise Architecture
  • Data Privacy
  • ISMS / BCMS
  • ITSM / ITIL
  • Sustainability / GRI
  • Resilience
  • SOX Compliance
  • ISAE 3402 / SOC 2
  • IT Governance
  • IT Strategy
  • CCM
  • RPA
  • OKR

Languages

Turkish
Native
English
Advanced
German
Elementary

Education

Oct 2007 - Jun 2009

Bogazici University

Master’s Degree · Management Information Systems · İstanbul, Turkey

Oct 2003 - Jun 2006

Istanbul Technical University

B.S., valedictorian · Economics · İstanbul, Turkey

Oct 2003 - Jun 2006

State University of New York

B.S., valedictorian · Economics · New York, United States

...and 1 more

Certifications & licenses

CISA

ISO20000

ISO22301 L.A

ISO27001 L.A

ISO31000

ITIL

TOGAF


Frequently asked questions

Do you have questions? Here you can find further information.

Where is Serdar based?

Serdar is based in Cologne, Germany.

What languages does Serdar speak?

Serdar speaks the following languages: Turkish (Native), English (Advanced), German (Elementary).

How many years of experience does Serdar have?

Serdar has at least 19 years of experience. During this time, Serdar has worked in at least 5 different roles and for 5 different companies. The average length of individual experience is 4 years and 9 months. Note that Serdar may not have shared all experience and actually has more experience.

What roles would Serdar be best suited for?

Based on recent experience, Serdar would be well-suited for roles such as: Consultant, Senior Advisor, Chief Risk and Security Officer.

What is Serdar's latest experience?

Serdar's most recent position is Consultant at Freelance.

What companies has Serdar worked for in recent years?

In recent years, Serdar has worked for Freelance, SoSafe, and Credit Bureau of Turkey.

Which industries is Serdar most experienced in?

Serdar is most experienced in industries like Banking and Finance, Information Technology (IT), and Professional Services.

Which business areas is Serdar most experienced in?

Serdar is most experienced in business areas like Information Technology (IT), Audit, and Project Management. Serdar also has some experience in Marketing, Sales, and Strategy and Planning.

Which industries has Serdar worked in recently?

Serdar has recently worked in industries like Banking and Finance, Information Technology (IT), and Professional Services.

Which business areas has Serdar worked in recently?

Serdar has recently worked in business areas like Audit, Information Technology (IT), and Project Management.

What is Serdar's education?

Serdar holds a Master in Management Information Systems from Bogazici University, a Bachelor in Economics from Istanbul Technical University and a Bachelor in Economics from State University of New York.

Does Serdar have any certificates?

Serdar has 7 certificates, including CISA, ISO20000, and ISO22301 L.A.

What is the availability of Serdar?

Serdar will be available full-time from March 2026.

What is the rate of Serdar?

Serdar's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Serdar?

To hire Serdar, click the Meet button on the profile to request a meeting and discuss your project needs.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 650-810 €
The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform.
Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.