Haneef Shaik

• Evaluate and assess existing governance, risk management, and compliance frameworks within client organizations
• Develop and implement GRC strategies, policies, and procedures aligned with best practices and regulatory requirements
• Conduct risk assessments, internal audits, and compliance reviews to identify deficiencies and recommend corrective actions
• Collaborate with cross-functional teams to promote a risk-aware culture and ensure compliance with relevant laws and regulations
• Responsible in analysing security data to detect and investigate and monitor using Splunk.
• Responsible to get Risk assessment done as per the HIPAA standards.
• Collaboration with SOC and InfoSec on incident detection and mitigation and ensuring swift
response to emerging threats.
• Perform Source Code Assessment on internal product, ensuring coding practices and
identifying vulnerabilities before production.
• Client communications with reports drafting along with False Positive demonstrations
• Responsible for handling exception process, approvals and mitigation timelines.

• Led application security initiatives across 8 Business Unit applications, enhancing overall security posture.
• Prepared Non-Disclosure Agreements (NDAs) and gathered critical project information to ensure compliance and security.
• Reviewed application architecture to identify potential security flaws and recommend improvements.
• Executed comprehensive network penetration testing to uncover vulnerabilities and strengthen defenses.
• Demonstrated security checks and best practices to development teams, fostering a culture of security awareness.
• Assisted developers in understanding and mitigating vulnerabilities, enhancing application security knowledge.
• Analyzed Application Requirements Documents (ARDs) and Requirements Traceability Artifacts (RTAs) for all Business Units, ensuring security considerations are integrated.
• Developed tailored test plans aligned with project scope, ensuring thorough security assessments.
• Conducted application security assessments to identify risks and recommend actionable solutions.

• Developed and executed Non-Disclosure Agreements (NDAs) to safeguard project information.
• Crafted comprehensive test plans aligned with project scope to ensure thorough security assessments.
• Conducted rigorous application security testing for both internal and external applications, identifying vulnerabilities.
• Led end-to-end penetration testing on Application Control Objects (ACOs), enhancing security posture.
• Compiled detailed reports with actionable recommendations, driving improvements in security measures.
• Coordinated follow-ups on patching updates to ensure timely resolution of identified vulnerabilities.
• Monitored emerging vulnerabilities, proactively addressing issues impacting Amadeus business operations.
• Engaged in continuous research to stay ahead of cybersecurity trends and threats.

• Design and execute security testing strategies to identify vulnerabilities in applications and systems.
• Collaborate with development and product teams to ensure security requirements are integrated into the software development lifecycle.
• Oversee the management of security testing environments, ensuring they mirror production settings for accurate assessments.
• Engage in risk assessment and threat modeling sessions to proactively address security concerns.
• Analyze security testing efforts by estimating resource requirements and planning for comprehensive security evaluations.
• Advocate for best practices in application security and contribute to the development of security policies and procedures.

• Analyze security requirements, user stories, and technical specifications to develop comprehensive security test plans.
• Define security strategy, scope, objectives, resources, timelines, and risk areas related to application security.
• Participate in sprint planning, backlog grooming, and requirement clarification sessions to ensure security considerations are integrated.
• Execute security assessments, including manual penetration tests, vulnerability scans, and risk assessments.
• Maintain and update security test suites as application features and security threats evolve.
• Identify and document security vulnerabilities with clear steps for remediation, enhancing overall application security posture.
• Collaborate with cross-functional teams to promote security best practices and compliance.