Skip to main content

Hatice Baskaya

Director | Cyber Governance and Compliance

Hatice joined Deloitte Luxembourg in 2015 and currently serves as Director in Cyber Governance and Compliance for the financial sector.

Hatice has extensive experience in Information and Communication Technology (ICT) Risks including Cyber Risks in Financial Sector. Hatice has developed experience not only Luxembourg Regulations but also European Regulations related to ICT and Cyber domains.

Hatice has in depth expertise on the following areas:

  • the risks and regulatory requirements related to ICT, Security, Cyber, Outsourcing and Cloud Computing (e.g. Digital Operational Resilience Act, AI Act, NIS2 Directive, EBA/ESMA/EIOPA Guidelines etc.),
  • compliance gap assessments for current & target IT operating models according to applicable regulatory frameworks and desired standards/framework such as ISO, NIST, COBIT, ITIL etc.
  • preparation of remediation roadmaps for the desired compliance or maturity level and assistance in the implementation of the remediation roadmap (e.g. designing and implementation of ICT risk management framework, incident management framework, third party risk management framework, security controls design and implementation, business continuity management process, identification of critical or important functions etc.)
  • regulatory authorization/notification files preparation and providing recommendations to address the gaps identified.
  • designing and implementing governance frameworks for managing ICT, Security, Cyber & Third Party risks and evaluating the design and effectiveness of the controls implemented to address those risks including in the scope of Financial Statements Audit (General IT Controls, Automated Controls, Interface Controls), IT Internal Audit and Third Party Assurance (ISAE 3402, ISAE 3000 and SOC1/SOC2 reports).
  • IT Due Diligence during M&A and transition processes.

Prior to joining in Deloitte Luxembourg, Hatice worked for Deloitte Turkey in IT Risk Advisory and for Odeabank Turkey (member of Bank Audi Group in Turkey) leading the IT Audit Department.

Hatice holds an Information Systems Engineering degree from Bogazici University and State University of New York - Binghamton University dual diploma program and certifications in Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), ISO 27001 Lead Auditor, ISO 22301 Lead Auditor/Lead Implementor, ITIL v3 Foundations, Certificate of Cloud Security Knowledge and PRINCE 2. She is fluent in English and Turkish.