AZAM SHAIK
Hyderabad
Summary
- Having Extensive 11 + years of experience in the IT industry and IT domain, as Cyber Security,Business Analyst - 3.4 Years & Cyber Security- 6 + Years &Technology, SDLC, SIEM, JIRA, Agile, Waterfall Model, Power BI, ServiceNow, TPRM, ITIL, NIST, ITRMS expertise sound level of experiences I have
- As a Senior Manager, ITRMS - IT Risk Management System Cyber Defense and Analytics in the field of Cyber Security Provide strategic leadership for cyber defense and IT risk management by aligning security priorities with business objectives, regulatory requirements, and enterprise risk appetite.
- Expertise in SOC - Security Operations Centre handles Operations Methodology such as Incident Handling, Threat Detection, Network Traffic Monitoring, Direct the use of security analytics and SIEM platforms such as IBM Q Radar, Splunk, to enable executive risk visibility and informed decision-making.
- Expertise in Analysis and investigation skills, such as malware analysis, Phishing Email Analysis, Network, Endpoint, Windows, and Linux Operating Systems.
- Experience direct Third-Party Risk Management and Vendor Risk Management programs, including security assessments, control validation, remediation tracking, and vendor risk governance.
- Responsible for monitoring security alerts. Analysis of logs generated by appliances, investigation, and assessment on whether the incident is a false positive or a false negative. Perform risk analysis and security operations to find any vulnerability that can have an impact on the company. and I've also had exposure to the TPRM (Third-Party Risk Management) or VRM (Vendor Risk Management) module
- I have a good knowledge in IAM & PAM Solutions, too even I have some basic overview on SAP Security & GRC as well ETD (Enterprise Threat Detection)
- Apart from Data Security Tools like Forcepoint for DLP and Boldon James for data classification. I'm familiar with how these tools help in securing sensitive information, enforcing data handling policies, and ensuring compliance by classifying and protecting data at rest, in motion, and in use.
- Act as a senior stakeholder for internal and external audits, regulatory assessments, and compliance initiatives aligned with NIST, ISO 27001, ITIL, and MITRE ATTACK frameworks. Recognized as a trusted senior leader focused on cyber resilience, risk optimization, leadership development, and enabling secure, compliant business growth.
- Direct vulnerability lifecycle management across critical assets, implementing risk-based prioritization and accelerating remediation timelines.
Strategic Senior Manager in IT Risk Management and Cyber Defense. Provide leadership for cyber resilience by aligning security priorities with business objectives and regulatory requirements. Direct threat detection initiatives and incident governance, enhancing organisational security posture through advanced analytics and proactive risk management. Strategic Senior Manager in IT Risk Management and Cyber Defense. Provides leadership for cyber resilience by aligning security priorities with business objectives and regulatory requirements. Directs threat detection initiatives and incident governance, enhancing organisational security posture through advanced analytics and proactive risk management.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Senior Manager, ITRMS Cyber Defense and Analytics
Merck & Co. (MSD)
Hyderabad
12.2025 - Current
- Maintaining the constant communication with management, staff, and vendors to ensure proper operations of the organization such as receives and looks into alerts daily.
- Partner with executive leadership, technology, legal, compliance, and business teams to embed security and risk management into enterprise decision-making and operations.
- Lead cross-functional teams and influence stakeholders to mature threat detection, incident governance, and cyber defense capabilities across the organization.
- In-depth knowledge of security concepts such as cyber-attacks and techniques, Threat Vectors, Risk Management, Risk Assessments & Incident Management etc & Own enterprise wide cyber defense strategy across cloud and on-prem infrastructure, driving proactive risk reduction and control maturity.
- Lead threat detection engineering, designing and optimizing high-fidelity detection use cases aligned to MITRE ATT&CK tactics and adversary behaviors.
- Drive incident response governance for high-severity events including malware outbreaks, credential compromise, and data exfiltration attempts.
- Reduce detection gaps by improving log correlation, alert triage models, and false-positive suppression mechanisms.
- Deliver executive level cyber risk metrics, exposure dashboards, and remediation KPIs to senior leadership for strategic decision-making.
- Embed security controls into infrastructure changes, application deployments, and enterprise transformation initiatives.
- Strengthen security posture through control validation, attack surface analysis, and continuous improvement of detection coverage.
- I used work closely with GRC Security & Security Internal Audit who are belongs to Information Security department here I have Sound experiences & knowledge with Information security related work & its activity.
- Experience with regulatory compliance issues such as: SOX, HIPAA, PCI DSS, SOC1, SOC2, & ISO 27001, ISO 9001, ISO 14001& GDPR, CIS.
- Preparing weekly & Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation.
- Provides recommendations in tuning and optimization of security systems, SOC security process, procedures and policies Dedicated Information Security professional with hands-on experience in GRC, IAM, and security compliance, strengthened by knowledge of EBA, DORA, ISO 27001, and core security frameworks.
- Proven ability to translate security requirements into practical controls and support secure business operations.
Lead Security Engineer
MVA CORPORATE CONSULTANCY
Hyderabad
06.2020 - 11.2025
- Responsible for providing second-level support and leadership during security incident investigations as well as general guidance and mentoring to the SOC Analyst.
- Managing security alerts detected by security systems such as Intrusion Detection Systems (NIDS, HIDS), Log Monitoring, File Integrity Monitoring (FIM),DLP and Security Incident and Event Management (SIEM) systems LogRhythm.
- Recognize threats such as but not limited to DDOS, APT lifecycle (including Data exfiltration attempts.
- I worked with external vendors during scheduled red-team exercises for Testing tools I used Nessus and Qualys.
- Finding the Critical servers and application inventory from respective business owners and scheduling the scan weekly, monthly and Quarterly basis.
- Develop, implement, and maintain security policies, standards, and procedures in alignment with ISO 27001, SOX, and SOC2 requirements.
- Hands on experience with ITIL & NIST practices regarding incident, problem and change management. Report and investigate potential security incidents.
- Even I used Create Security Awareness program to the employee based on the requirements.
- Provide recommendations to clients for containment and eradication of threats.
- Maintain Intrusion Detection/Prevention signatures. Produce and update security operations processes and procedures.
- Provide training and guidance to SOC Security Analysts in the execution of their duties.
- Transfer knowledge to colleagues via delivery of training/mentoring and clear concise documentation.
Business Analyst
Perspective Digitals
Delhi
09.2016 - 04.2020
- Providing Streamline Product backlog, and sprint backlog as per daily inputs received and communicate the same to Cross-delivery teams.
- Requirement Analysis, Decomposition and documentation, and authoring of the user stories in JIRA as per requirement.
- Participated in daily Agile Scrum 'Stand-up', Biweekly Sprint Planning, and Retrospective Sessions and updated the team on the status of upcoming User Stories.
- Create/refine Epics, User Stories, and Tasks based on business decisions.
- Eliciting requirements from Business stakeholders regarding their business expectations.
- Have brainstorming sessions with customers on the explicit business workflows.
- Communicating necessary changes and development to stakeholders in meeting.
- Collecting and evaluating information gathered from various resources.
Education
MBA - Operations, Analytics, Market Research
ICFAI Business School, ICFAI University
Hyderabad01.2016
BCOM - Finance
Kakatiya University
Warangal01.2014
12th class - 12th Standard
Board of Intermediate Andhra Pradesh
Hyderabad01.2011
10th class - School
State Board Andhra Pradesh
Hyderabad01.2008
Skills
- JIRA
- HP ALM
- Rational Requisite Pro
- MS-Excel
- MS-Word
- MS-PowerPoint
- Visio
- Power BI
- KQL
- Linux
- Windows 2000
- Windows XP
- Windows 7
- Windows 10
- Windows 11
- Risk management
- Incident response
- Threat detection
- Security compliance
- Regulatory knowledge
- Cross-functional leadership
- Stakeholder engagement
- Cyber defense strategy
- Security policy development
- Executive reporting
- Team mentoring
- Agile methodology
- Incident governance
- Communication skills
- Vulnerability assessment
- Training and Development
- Leadership skills
- Decision-Making expertise
- Cost reduction and efficiency
- Project Management
- Data-driven decision-making
- Customer relationship building
- Strategic thinking
- Cross-functional team leadership
- Performance monitoring
- Strategic leadership
- Strategic planning
- Change management
- Negotiation
- Customer relationship management
- Leadership development
- Reporting management
- Business performance management
- Microsoft Excel
- Crisis handling
- Data analytics
- Department management
- Administrative procedures
- Project delivery reporting
- Technical project management
- Engaging leadership style
- Project oversight
- ISO standards compliance
- Performance metrics analysis
- Corporate governance
- Digital transformation projects
- Business intelligence software
- Product lifecycle management
Certification
- Introduction to Cyber Security, Cisco networking academy, 2022-11-21, No Expire
- End Point Security, Cisco networking academy, 2022-11-21, No Expire
- Cyber Threat Management, Cisco networking academy, 2022-11-22, No Expire
- Network Basics, Cisco networking academy, 2022-11-20, No Expire
- Cribl Certified User, Cribl University, 2026-01-07, 2026-01-07 to 2029-01-07
- Cribl Admin Stream, Cribl University, 2026-01-09, 2026-01-09 to 2029-01-09
- Cribl Admin Edge, Cribl University, 2026-01-13, 2026-01-13 to 2029-01-13
Accomplishments
- Gold medalist in 12TH Board Education Examinations of INDIA.
- Pratibha Award winner in board of Intermediate Education examinations.
- State 4th ranker in board of Intermediate education examination of Andhra Pradesh.
- Amul Vidya Bhushan Award for achievement of state 4th rank in board of Intermediate education examination of Andhra Pradesh.
Disclaimer
I hereby declare that the above-mentioned Information is true to the best of my knowledge and I bear the responsibility for any misapprehensions in the above-mentioned particulars.
Custom Section
IBM Q Radar, McAfee, Splunk, LogRhythm, Sentinel (knowledge), Nessus, MSSP, McAfee, Sophos, Microsoft 0365, McAfee, FortiGate, Mx Toolbox, IBM X-force, Virus Total, Windows, Linux servers, Force point, Boldon James
Timeline
Senior Manager, ITRMS Cyber Defense and Analytics
Merck & Co. (MSD)
12.2025 - Current
Lead Security Engineer
MVA CORPORATE CONSULTANCY
06.2020 - 11.2025
Business Analyst
Perspective Digitals
09.2016 - 04.2020
MBA - Operations, Analytics, Market Research
ICFAI Business School, ICFAI University
BCOM - Finance
Kakatiya University
12th class - 12th Standard
Board of Intermediate Andhra Pradesh
10th class - School
State Board Andhra Pradesh