Ilknur Topcu
Information Security Officer - OSCE Secretariat
Please tell us about your professional background. Where have you worked before coming to the OSCE and what did you do?
As the Information Security Officer at the Risk Management, Compliance, and Information Security (RMCIS) Unit in the Department of Management and Finance (DMF), I am responsible for overseeing the Organization’s information security framework and supporting its alignment with OSCE-wide risk management, compliance, and internal control objectives. My work involves establishing policies, developing methodologies, and implementing risk-based approaches to ensure the confidentiality, integrity, and availability of OSCE information assets.
My responsibilities include designing and executing risk assessment and compliance assurance programs and facilitating the sharing of knowledge and best practices across the OSCE. I act as the focal point for information security, contributing and coordinating OSCE wide on the approaches needed to secure the OSCE information security. while contributing to inter-agency initiatives, such as the United Nations Information Security Special Interest Group.
Before joining the OSCE, I served as Information Risk Manager at ING DiBa, where I acted as trusted Information Risk Manager (IRM) –Business Continuity Manager (BCM) who directs, advises and supports the identification, analysis and mitigation of risks to the organization. Prior to that, I was a Senior Manager at Cognosec GmbH, leading international data security consulting and audit projects. Throughout my role, I have been involved in many international Information Security consultancy and data security audit projects. My career began at PwC, where I developed a solid foundation in financial auditing, internal control, and governance, later transitioning to internal audit roles for international subsidiaries.
What’s your academic background? How does it align with the career you developed?
I hold a Master of Business Administration (MBA) from the Slovak University of Agriculture in Nitra and a Bachelor of Arts in Business Administration from Marmara University. Additionally, I have enriched my expertise with the following certifications:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- COBIT 5 Foundation
- PCI Qualified Security Assessor (QSA)
- Establishing and Auditing a Business Continuity Management Structure
- Information Security Systems Management (ISMS) Training
- Certified EU GDPR Data Protection Officer
These credentials, coupled with my academic background, have equipped me with advanced skills in information security, risk management, and compliance frameworks, aligning seamlessly with my current role at the OSCE.
Where are you based now and what do you like most about your current job at the OSCE?
I have been working at the OSCE Secretariat since 2020. I am coming from the consulting industry, which is highly agile and dynamic, and I am dedicated to adding new perspectives and additional value to the RMCIS unit with my experience spanning over 14 years.
One of the most rewarding aspects of my role is collaborating with diverse stakeholders from various cultural and professional backgrounds to strengthen the OSCE’s compliance and information security practices.
My second line of defense experience, combined with a strong understanding of OSCE's Common Regulatory Management System (CRMS), positions me to provide valuable insights and improve overall performance. The opportunity to contribute more broadly to RMCIS, integrating my expertise in risk management, compliance, and information security, excites me.
Throughout my career, I have gained deep insights into risk management, internal controls, and information security, which I apply daily to support OSCE’s objectives and strengthen its resilience. It is an honor to be able to contribute to risk management, compliance and information security issues in the world’s largest regional security organization.
What type of advice would you give to applicants considering international civil service?
After becoming a mother, my perspective on my career changed, and I decided to pursue a role within an intergovernmental organization (IGO). During that time, I learned about the OSCE and was inspired to join this amazing organization. In 2019, I participated in the Recruitment Boot Camp organized by the Department of Human Resources. The Boot Camp significantly improved how I refined my application, enabling me to translate my private sector experience into a format suited for an international organization environment and better prepare for interviews.
I highly recommend that all applicants explore the Webinar Outreach Program to gain a deeper understanding of the application process.
Working at the OSCE is a unique experience that provides opportunities to collaborate with professionals from 57 participating States. Transitioning from the private sector to an international organization requires stepping out of your comfort zone, but it is an incredibly rewarding journey. The OSCE offers an exceptional platform to make a difference and develop new dimensions in your career.