Edward Shah (CISM, CISA)
Dallas, Texas +1-469-***-**** https://www.linkedin.com/in/edwardshah/
Highly experienced management professional with over 20 years of expertise in project management and IT professional services consulting across diverse industries. Proven track record of successfully leading global projects in sectors such as supply chain, healthcare, defense, SaaS, banking and the computer sector. Adept at managing large-scale implementations, improving IT governance, and ensuring regulatory compliance (HIPAA, PCI DSS, FedRAMP, NIST). Skilled in risk management, vulnerability assessments, and developing mitigation strategies. Proficient in modern DevSecOps practices, including secure coding, container hardening, and automated deployment using Copado and CI/CD pipelines. Strong background in cloud platforms, IT audits, and documentation of SSPs, RFQs, and SOW contracts. A collaborative leader with exceptional communication skills, driving seamless cross-functional teamwork across internal and external stakeholders. Holds multiple industry-recognized certifications, including PMP, CISM, and Salesforce Administrator, showcasing technical and managerial expertise.
EXPERIENCE
June 2024 - Present
Raytheon, Arlington, VA Cybersecurity GRC Analyst (IAM)
Reduced ATO processing time by 25% by enhancing RMF documentation and POA&M tracking.
Collaborate with validators and Information Systems Security Engineers, and support the Information Systems Security Manager (ISSM).
Enforce BCP and third-party risk management M&A policy in the acquisition of Pratt & Whitney.
Perform cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies, including CMMC 2.0.
Identify and address IAM security control gaps for the Pratt & Whitney and Raytheon merger nationwide.
Manage the Information Governance team and advise on information security policy documentation for FedRAMP, NIST and ISO 27001.
Guide vulnerability remediation, compliance initiatives, and regulatory audits (e.g., SOC 2, PCI, NIST).
Directed quarterly Federal Systems access reviews using SailPoint and ServiceNow, ensuring 100% compliance with NIST SP 800-53 and reduced unauthorized access incidents by 30% companywide during the 18-month post-merger integration phase.
April 2023 - June 2024
Moody’s Analytics, New York Senior Engineer II, AI Governance
Created and maintained documentation for customers on the information security controls of Moody's products. Ran risk remediation projects related to IT and cyber control improvements.
Supported audit engagements, including both internal audits of Moody's products and external audits for SOC 1 and SOC 2 reports.
Monitored regulatory obligations and maintained audit readiness through continuous assessment and documentation.
Demonstrated enthusiasm for building automation, evidence pipelines, and control enforcement into CI/CD workflows, cloud environments, and developer tooling.
Developed and implemented robust AI governance frameworks, policies, and standards.
Assisted in applying agentic AI to Governance, Risk, and Compliance (GRC).
Monitored the CI/CD pipeline during DevOps code assessment using SAST and DAST tools.
Monitored Snyk and Netsparker dashboards, reporting on application security vulnerabilities.
Aug 2021 - Jan 2023
Salesforce, San Francisco, CA Business Information Security Officer (IT Risk & Compliance)
Conducted internal and external cybersecurity audits to ensure compliance with applicable standards.
Acted as a key liaison between the IT heads and business units of top Fortune 500 companies. Scheduled kick-offs with stakeholders, including clients, managers, and developers, to ensure clear communication and understanding of business needs and the IT architectural environment, tenants and Salesforce orgs.
Developed solutions and recommended changes to business processes to improve efficiency and performance, such as MFA/SSO implementations, Commerce Cloud, Sales Cloud and Hyperforce.
Served as liaison between internal SOX audit teams and the cybersecurity unit to evaluate IT general control design, implementation, and operating effectiveness in support of Service Organization Control (SOC) reports.
Implemented and managed large Salesforce projects, such as the transition to Salesforce Lightning.
Performed technical security control assessments and baseline validations to identify vulnerabilities and control deficiencies as part of the continuous monitoring program.
Achievements: Oversaw integration of the Salesforce API with a new AWS instance by leading 20 cloud developers, resulting in an additional $40MM of project revenue for Salesforce.
Achievements: Achieved 80% adoption of the Security Control Assessment for the IA and AC control families (MFA/SSO implementation) for external users and Salesforce customers, in support of audit readiness.
Aug 2018 - Jul 2021
USAA, Plano, Texas Information Security Engineer II IT Governance, Cybersecurity
Managed deployment of Box under the Identity and Access Management infrastructure projects at USAA.
Assisted with SOC 2 audit readiness and the implementation of controls that map to compliance frameworks such as NIST, SOC 2, SOX and GDPR.
Provided oversight of cybersecurity activities for the Box application, including hardware/software change management, account management, auditing, media protection, training and file transfers.
Sustained the RMF body of evidence for assigned systems, including SSPs, SARs, POA&Ms, SOPs and test plans.
PMO liaison for IT audit and application maintenance for compliance with PCI DSS and SOC 2 standards.
Managed, coordinated, implemented, and enforced information systems security policies, standards, and methodologies.
Achievements: Delivered a file-sharing system providing confidentiality, integrity and availability for sensitive banking data and PII, with DLP (Data Loss Prevention), compliant with PCI DSS and HIPAA.
Apr 2016 - May 2018
FedEx HQ, Plano, Texas Sr. Cybersecurity Engineer - Vulnerability & Patch Management (RA-5)
Subject matter expert in SCCM and patch management.
Identified and analyzed potential security vulnerabilities in software applications and systems.
Designed and implemented penetration testing and vulnerability assessment strategies.
Understanding of vulnerability scoring systems (CVSS) and threat modeling frameworks.
Conducted regular security audits and risk assessments to identify potential vulnerabilities.
Maintained and monitored firewalls, IDS, IPS, AV, patching, vulnerability scanning, internal/external penetration testing, Active Directory, Exchange, file sharing, VMware virtual servers, desktops, and storage.
Enforced the Risk Management Framework (RMF) in accordance with NIST SP 800-37 and ISO 27001 (RA-5).
Directed compliance initiatives leveraging NIST SP 800-53 controls to assess, remediate, and document vulnerabilities across 200+ assets using Qualys and SCCM, sustaining a 98% adherence rate in quarterly audits.
Achievements: Increased Number of FedEx Compliant Servers by 80% within 2 years.
May 2014 - Oct 2016
Microsoft, North Dakota & Colorado Premier Field Engineer & Server Engineer – DevSecOps
Led a team of 5 help-desk technicians in the rollout of Windows 7 to numerous hospitals under CHI.
Configured server baselines and server hardening for server deployments for the application team.
Ensured all configuration changes were submitted via change request and went through the CM process.
Hands-on registry configuration for application, software and hardware configs.
Hands-on experience with scripting and automation tools (Python, PowerShell, REST APIs) for sysprep.
Served as post-Windows 7 deployment Tier 2 and Tier 3 support.
Responsible for patch compliance on workstations using tools such as SCCM and WSUS. Acted as Tier 3 support for SCCM-related issues, including patching, image deployment, and SCCM client issues.
Responsible for creating and maintaining multiple production images using SCCM with MDT.
Created SQL scripts to gather reporting information on SCCM endpoints.
Apr 2013 - Apr 2014
Fujitsu, Richardson, TX Network Operations Command Center (NOC) / SOC Analyst
Checked and evaluated logs, routing/switching issues, and configuration issues; conducted ping tests and stress tests and notified network engineers to determine root cause. Monitored network security and reported and documented any breaches.
Performed regression tests on all Fujitsu Kiosks, Digital Displays and cash registers on client sites after new builds or troubleshooting.
Configured/Troubleshot routing and layer-2 network protocols (BFD, OSPF, BGP, EIGRP, HSRP).
Aug 2005 - Apr 2012
3Knights Computers, London, UK Web Security
Managed digital design projects and worked closely with clients to manage expectations, team roles, and the status of projects.
Maintained the Agency's corporate Web portal
Created corporate web sites, portals and large-scale web applications using HTML, JSP, ASP, Servlets, Adobe Macromedia products, ColdFusion, jQuery, CSS, JavaScript and XML, and adopted a successful SEO strategy.
EDUCATION
Bachelor of Computer & Information Science
Lead City University • 2007
Master of International Business
University of Wollongong • 2008-2009
CERTIFICATIONS
Project Management Professional (PMP)
Certified Information Security Manager (CISM) ISACA
Salesforce Administrator (SFDC)
AI in Financial Services Professional Certification
AI Governance Certification (Securiti)
Microsoft Certified Solutions Associate (MCSA)
Microsoft Certified IT Professional (MCITP)
AWARDS & HONORS
Honored Listee
Marquis Who's Who in America • 2024
SKILLS
Project Management, Scrum, Kanban, JIRA, ServiceNow
Azure, Java, AWS, Python, PHP, HTML, C++, XML, ASP, .NET
ISO 27001, FISMA, HIPAA, SCCM, PowerShell, Archer GRC, WebInspect, Nessus, Citrix, POA&M, FedRAMP, NIST, COBIT, MetricStream, Reporting, Risk Mitigation & Change Mgt, Vulnerability Assessment, ISO Documentation, IT Auditing, Microsoft Sentinel, Splunk.
Troubleshooting & Configuring