Lety Hernandez

I'm a GRC and compliance analyst with 5+ years of experience across financial services and federal environments, currently at a Big 4 consulting firm. My background is a mix of financial crimes compliance (KYC, EDD, BSA/AML, SAR investigations) and federal audit work, and over the past year I've moved deeper into access governance and identity security through a SailPoint Identity Security Cloud engagement at a Fortune 500 pharmaceutical distributor, where I run quarterly User Access Reviews and recertification operations aligned to SOX ITGCs.

A few wins I'm proud of: I cut audit findings from 39 to 28 across two consecutive review cycles at the U.S. Treasury, and at my current firm I built a week-long internal cybersecurity training program for analysts covering Third-Party Risk Management, Identity and Access Management, GRC fundamentals, and Managed Application Security Testing. The program includes interactive sessions, knowledge checks, and final exams, and it's now part of how the team levels up on security delivery work.

What I want next is a remote GRC, compliance, or IAM analyst role at a SaaS or fintech company, ideally one building toward SOC 2 Type II or ISO 27001 certification. I'm strong on the foundational pieces of any certification program: risk registers, audit evidence collection, third-party risk reviews, policy authoring, access governance, and cross-functional coordination across Engineering, Legal, HR, and Sales. I haven't owned a full SOC 2 cycle yet but I've executed every component piece, and I'd ramp fast.

Certifications: ServiceNow Certified System Administrator (CSA), Certified Scrum Master (CSM), Asana Workflow Specialist. In progress: CompTIA Security+ and SailPoint Identity Security Cloud. Outside of work I'm interested in identity security, fintech compliance, and the operational side of building lean security programs at high-trust companies.