Open to opportunities

Nelson Rafael Toval Saenz

@nelsonrafaeltovalsae

Message

Medical doctor turned GRC Evidence Analyst focused on audit-ready compliance across global fintech standards.

Nicaragua

Message

What I'm looking for

I’m looking to lead fintech GRC efforts—testing controls, aligning stakeholders, and delivering audit-ready evidence—while using automation to make compliance faster, clearer, and consistently effective across ISO, PCI DSS, DORA, and other regulatory frameworks.

I’m a Medical Doctor turned GRC professional, bringing clinical precision and regulatory expertise to the FinTech compliance space. I’ve built cross-industry experience across primary care, financial risk operations, fraud prevention, and information security governance.

Currently, I’m driving compliance programs at Remitly as a Technology GRC Evidence Analyst, working across ISO 27001/27002, PCI DSS, DORA, NIST, EU & UK EMI, and NYDFS 500. I test controls rigorously, produce audit-ready documentation, and align stakeholders across global regulatory environments.

My GRC work includes performing ~40 controls per quarter across multiple frameworks and completing 7+ User Access Reviews (UARs) per quarter to support least-privilege compliance. I also analyze and manage evidence for internal and external audits, while identifying governance gaps and improving compliance workflows.

Earlier, I worked as a Risk Investigator, performing 185–200 fraud risk reviews, AML checks, and sanctions screenings per week with 85–98% accuracy. I also use automation—developing Python and SQL scripts to reduce evidence collection and reporting time by ~50%, saving about 16 hours per month.

Experience

Work history, roles, and key accomplishments

Current

Technology GRC Evidence Analyst

Current

Remitly

Jan 2025 - Present (1 year 5 months)

Tested ~40 controls per quarter across ISO 27001/27002, PCI DSS, DORA, NIST Privacy Framework, EU & UK EMI, and NYDFS 500 while maintaining audit-ready evidence documentation. Conducted 7+ User Access Reviews per quarter and automated evidence collection/reporting with Python and SQL, reducing task time by ~50% (~16 hours/month.

GRC ISO 27001 27002 PCI DSS DORA Python SQL

Risk Investigator

Remitly

Jan 2023 - Jan 2025 (2 years)

Performed 185–200 fraud risk reviews, AML checks, and sanctions screenings per week, maintaining 85–98% accuracy across case types. Supported customers across live and back-office channels and streamlined workflows to reduce manual handoffs and improve case resolution efficiency.

Fraud Detection AML Sanctions Screening Risk Assessment Case Management Customer Support Quality Assurance Workflow Optimization

Customer Service Representative

Ibex S.A.

Jan 2022 - Jan 2023 (1 year)

Conducted 300–350 OFAC screenings per week for Western Union Government Sanctions to support compliance with US sanctions regulations. Managed high-volume EMS collections (~100/week) and healthcare transportation coordination (~200/week), and trained new hires on compliance standards and quality protocols.

OFAC U.S. Sanctions Regulations Customer Service Case Processing

Medical Doctor - Primary Care

SILAIS Ocotal

Jan 2018 - Jan 2021 (3 years)

Provided comprehensive primary care to rural communities with limited resources, managing high patient volumes and supporting underserved populations. Led prenatal care and child development monitoring programs while applying strong crisis decision-making and communication skills.

Primary Care Prenatal Care Child Development Monitoring Clinical Decision Making Crisis Response Communication