Felix C. Uduma

Conducted comprehensive security control assessments and cyber risk reviews across SaaS platforms and internal systems, identifying exploitable gaps and mapping findings to ISO 27001 and GDPR requirements.

Investigated identity access anomalies and third-party integration risks, compiling structured reports with clear remediation priorities for leadership and engineering teams.

Maintained and updated the risk register, tracking remediation progress and feeding results into governance reporting to provide senior stakeholders with a clear, real-time view of organizational risk posture.

Developed and implemented security metrics and dashboard reporting to enable leadership to monitor risk trends over time, enhancing proactive decision-making.

Managed audit readiness efforts, documenting control evidence and coordinating remediation tracking through ServiceNow-aligned ticketing workflows to streamline compliance processes.

Investigated security alerts across multiple enterprise client environments, addressing phishing campaigns, BEC incidents, malware activity, and suspicious user behavior from initial triage to documented findings and recommended actions.

Executed proactive threat hunting operations using MITRE ATT&CK to model adversary behavior, identifying threats that bypassed automated detection and enhancing overall security posture.

Analyzed network traffic, endpoint telemetry, and log data to identify indicators of compromise, misconfigurations, and attack paths across both cloud-hosted and on-premise infrastructure.

Authored structured incident reports and threat analysis summaries, providing clear, actionable findings and next steps directly usable by client security teams and senior stakeholders.

Collaborated with security engineers and client contacts to walk through findings, agree on remediation priorities, and track resolution using Jira and ServiceNow ticketing workflows, improving incident lifecycle management.

Conducted third-party and vendor security risk assessments across a payment ecosystem, evaluating supplier security posture, API integration risks, and potential attacker access paths within the platform.

Reviewed payment platform architecture, cloud infrastructure, and API configurations to identify exploitable weaknesses, producing technical findings documents with practical mitigation recommendations.

Utilized OSINT and vendor intelligence to build a clearer picture of the external threat surface, informing targeted remediation priorities beyond generic compliance checklists.

Contributed to the design of threat detection controls and integrated investigative findings into governance frameworks, ensuring that assessment learnings actively improved platform security.

Produced compliance reports and technical briefings aligned to ISO 27001, PCI DSS, and GDPR, providing internal teams and leadership with essential detail for oversight and audit purposes.

Orchestrated IT governance and day-to-day security operations across cloud infrastructure, web-facing platforms, and internal systems, encompassing risk assessments, threat analysis, and vulnerability management.

Established and implemented security monitoring and incident response procedures from scratch, providing the organization with its first structured capability for detecting and responding to security events.

Designed and executed threat simulation exercises to stress-test controls and identify gaps in access control, data handling, and business continuity scenarios before potential attacker exploitation.

Developed and rolled out comprehensive security policies covering access, data protection, and continuity; delivered targeted security awareness sessions to enhance staff's ability to recognize and report real attacker tactics.

Generated executive-level security reporting and risk documentation, providing leadership with a grounded view of the organization's exposure and the strategic initiatives addressing it.