SHAH SHAHID

Summary

A highly motivated cyber security professional with hands-on expertise in research and incident response activities, experienced in enhancing enterprise protection through the application of detection methods. Proven track record as a Third-Party Risk Management Analyst conducting risk assessments, reviewing critical risks with clients, providing recommendations and conducting audits. Strong analytical and problem-solving skills, with a keen attention to detail.

Overview

  • 12 years of professional experience
  • 1 Certification

Work History

Third Party Risk Management Analyst

Ford Motor Company
09.2022 - Current
  • Conducted risk assessments for multiple clients using a variety of tools and methodologies
  • Reviewed critical risks with clients and provided recommendations for mitigation
  • Proven ability to work independently and in teams by leading client meetings, conducting assessments, and collaborating with teams to align risk management with business goals
  • Utilized the Prevalent tool for review of assessments
  • Communicated effectively with clients and internal stakeholders to ensure thorough understanding of risk
  • Maintained and developed relationships with key clients and partners
  • Evaluated various compliance reports, including SOC 2, TISAX, ISO 27001, and aligned them with SIGLITE
  • Assisted in development of training programs for clients and internal stakeholders
  • Collaborated with cross-functional teams to ensure alignment of risk management strategy with overall business objectives
  • Conducted follow-up audits after clients completed assessments to ensure compliance and risk management processes were implemented effectively.

Senior Security Analyst

Ankura
12.2020 - 09.2022
  • Developed and maintained incident response plans in accordance with NIST 800-53 & 800-61
  • Conducted third-party risk assessments using the SIGLITE questionnaire, reviewing SOC 2, HIPAA, PCI and ISO 27001 reports
  • Held regular follow-up meetings with clients to review assessments and open risk items
  • Conducted internal audits identifying gaps in incident response and disaster recovery plans and documents
  • Provided vulnerability management audits, monitoring patching, communicating with application owners, and reporting patch updates
  • Conducted risk and control assessments on third-party security tools (AV/EDR), provided reports to stakeholders
  • Maintained relationships with vendors, led weekly meetings to ensure timely completion of vendor risk assessments
  • Collaborated with subject matter experts during discovery sessions to understand and validate content for information security policies
  • Evaluated new cyber threats and vulnerabilities and determined whether additional safeguards or watchlists needed to be implemented

Information System Security Analyst

VeriSign, Inc
08.2015 - 08.2019
  • Conducted risk assessments on organization and information systems based on security policy and best practices
  • Developed incident response protocols for SOC team to initiate during different exploits
  • Provided monthly testing and training to assure accurate responses for real-life scenarios
  • Served as primary point of contact for end-users in relation to information security
  • Implemented Risk Management Framework (RMF) in accordance with NIST SP 800-37
  • Developed, reviewed and updated Assessment & Authorization deliverables, including SSP, SAR, and POA&M
  • Monitored and conducted Security Control Assessment to ensure all controls meet security requirements as per SSP and NIST SP 800-53 Rev4
  • Aligned with engineers and administrators to identify network devices, ports, diagrams and discuss security control implementations
  • Advised Information System Owner (ISO) of security impact levels for Confidentiality, Integrity and Availability (CIA) in accordance with FIPS 199 & NIST SP 800-60

Security Analyst

VeriSign, Inc
01.2012 - 08.2015
  • Led documentation efforts for security policies, procedures, and guidelines, ensuring alignment with industry best practices and regulatory requirements
  • Implemented and maintained basic security controls based on industry standards and frameworks, including NIST Cybersecurity Framework
  • Worked closely with MSSP to develop and enhance incident response plans and procedures, aligning with NIST incident response guidelines
  • Conducted vulnerability assessments to identify and remediate security weaknesses, leveraging industry tools and techniques
  • Assisted in security awareness training initiatives to educate employees on fundamental security practices and promote a culture of security
  • Designed and conducted phishing awareness and training programs to educate employees on identifying and mitigating phishing attacks, resulting in a significant decrease in successful phishing attempts and improved overall cybersecurity awareness within the organization
  • Engaged in continuous monitoring and auditing of security controls to ensure compliance with NIST and other relevant frameworks.

Education

Bachelor's - Business Administration

American Public University
Charles Town, WV

Skills

  • Experienced in implementing security controls, security infrastructure, and risk management framework life cycle
  • Proficient in reviewing compliance reports such as NIST, SOC 2, TISAX, ISO 27001, HIPAA and SIGLITE
  • Cross-Functional Collaboration: Aligned risk strategies with business objectives; collaborated with stakeholders and external teams
  • Incident Response: Designed and managed protocols for swift incident handling; conducted internal audits to identify response gaps
  • Vendor Management: Maintained strong relationships with vendors; led meetings to address risk items promptly
  • Proficient in using vulnerability management tools such as Tenable and Carbon Black Cloud Audit & Remediation
  • Experienced in conducting third-party risk management assessments
  • Strong understanding of TCP/IP, computer networking, routing, and switching
  • Skilled in conducting risk assessments, audits, and risk management

Certification

  • CCSK (Certificate of Cloud Security Knowledge)
  • EC-Council CEH (Certified Ethical Hacker)
  • CompTIA Security+
  • ISACA CISA (Certified Information Systems Auditor)
  • ISACA CRISC (Certified in Risk and Information Systems Control)
