Minhaz Shaikh

• Handling multiple clients with different requirements such as security policies assessment, reporting and maintaining GRC topics, VM/ WAS scan.
• Led Vulnerability Management, Patch Management, and remediation tracking to mitigate cyber threats.
• Established and enforced corporate policies, security controls, and compliance procedures to enhance data protection and regulatory adherence.
• Identified, assessed, and mitigated cybersecurity risks, ensuring proactive security measures running permanent supervision controls and getting risk identified and accepted, documented.
• Having good experience into banking domain and healthcare Infra security and compliance.
• Ensured IT infrastructure compliance with respect to ISO27001 ISMS.
• Managed security controls implementation (Firewalls, SIEM, IAM, EDR, DLP, WAF) to meet compliance mandates.
• Implemented Zero Trust Security Model to enhance infrastructure protection.
• Governance on internal access management to practice (RBAC role-based access control)
• Handling governance on SOC VM report to be vigilant on remediation as per company policy which help in keeping open vulnerabilities to aging.

• Developed and implemented IT security governance frameworks aligned with industry standards example ISO 27001.
• Maintained compliance with industry regulations while adapting best practices as needed.
• Engage with Pentesters for POC on SEC patches related to critical CVE has available exploits and has direct impact to business and control it ahead of time.
• Managed Third-Party Risk Assessments (TPRM) and vendor security evaluations to ensure compliance with security frameworks.
• Work closely with SEC heads and directors to foresee upcoming issues and fixing it with help of NIST, SOC tools like Qualys/ Trend Micro, SIEM for secure banking operations.
• Designed Security Policies, Standard Operating Procedures (SOPs), and compliance checklists for regulatory adherence.
• Managed quality assurance program, including on-site evaluations, internal audits and customer surveys.
• Work closely with Regulators like as per clients region and local authorities following IT standards and best practice guidelines.
• Managing Large Team with Large clients to implement, delivery on security space majorly on GRC, Penetration Testing, IDS/IPS for Infra SOC, SIEM.
• Projecting KPI , KRI to CISO and business Heads and as having hands on experience on IT infrastructure domain guide to technical teams with solutioning for fix as per MAITRE ATT$CK.

• Responsible for managing SOC team dealing with Threat detection using Qualys for Global servers and communicating for permanent fix.
• Handling Infra about 50K assets globally Includes all OS, Application Middleware security using virtual security patches from TrendMicro as 1st step of remediation and work with teams for permanent fix.
• Monitored systems for intrusions or denial of service attacks and reported security breaches to appropriate personnel.
• Working on Risk Control using Internal tools as part of PS Controls for Bank.
• Managing SEC Product as SOE for Global 1st phase patching solution and strictly monitor for compliance through out year and also regularly do 3rd party tool assessment.
• Work closely with Regulators like GDPR, NYDFS, HARIBO and submits compliance and audit report related to SEC on applications/ servers with help of NIST framework tools to help reporting.
• Created and yearly updates Mitre ATT&CK frame work to understand an activities and task related to SEC tools would cover which areas and which areas are Grey to be address in future.
• Responsible for Scanning of vulnerabilities producing /publishing dashboard to respective business lines for fix and following up.
• Resolved problems, improved operations and provided exceptional service.
• Cross learning with other security teams and sharing the findings on zero day vulnerabilities for fix
• Work closely with SEC heads and directors to foresee upcoming issues and fixing it with help of NIST, SOC tools like Qualys/ Trend Micro , SIEM for secure banking operations
• Managed quality assurance program, including on-site evaluations, internal audits and customer surveys.

• Collaborated with cross-functional development team members to analyze potential system solutions based on evolving client requirements.
• Tested troubleshooting methods, devised innovative solutions, and documented resolutions for inclusion in knowledge base for support team use.
• Worked closely with global stakeholders to understand and deliver as per their requirements.
• Resolved issues and escalated problems with knowledgeable support and quality service.
• Standardized job tasks and trained junior team members on industry best practices and standards.

• Maintained websites for branches of global intranet applications and web clients through digital platform
• Configured and purchased domains for websites.
• Troubleshot issues with websites and fixed scripting and use issues.
• Designed graphics for website decoration and layout.
• Participated in continuous improvement by generating suggestions, engaging in problem-solving activities to support teamwork.
• Reduced unplanned outages and maintained 99% of availability of web sites and web applications by identifying issues and resolving it during first time monitoring provided strategic solutions for implementing redundant systems and clustering for high availability

• Quickly learned new skills and applied them to daily tasks, improving efficiency and productivity.
• Resolved problems, improved operations and provided exceptional service.
• Tuned system performance to optimize efficacy of new and existing hardware components.
• Installed system-wide hardware components, confirming interoperation and compatibility with Linux-based software distros.
• Conducted testing and troubleshooting for various software remotely and onsite for server sets to maintain operational readiness.