Patricia Hernandez
@nicolehp
IT Risk & Governance consultant focused on compliance, ITGCs, and operational resilience.
SpainWhat I'm looking for
I am an IT Risk & Governance professional with 3+ years' experience in technology risk management, internal control validation, and regulatory compliance across global enterprise environments. I have conducted IT risk assessments and ITGC evaluations covering IAM, encryption, vulnerability management, and application security, aligned with ISO 27001, SOC 2 Type II, GDPR, PCI-DSS and EU regulations such as NIS2 and DORA.
I contribute to DORA-aligned ICT risk management and operational resilience initiatives, manage risk registers and remediation tracking, and support internal and external audit engagements with structured evidence packages. I translate regulatory requirements into practical, risk-based recommendations for engineering and product teams while balancing compliance and operational feasibility.
Experience
Work history, roles, and key accomplishments
Conducted RCSA-style IT risk assessments across 200+ digital assets and third-party integrations, identified control gaps and regulatory impact, and supported DORA-aligned ICT risk and operational resilience initiatives. Managed risk registers, coordinated remediation and acceptance with owners, and prepared evidence packages to support internal and external audits.
Supported cybersecurity and privacy certification activities, contributing to control validation and documentation to improve compliance posture across digital services. Assisted with evidence collection and privacy alignment tasks to maintain certification readiness.
Junior Industrial Engineer
Utexa
Jul 2021 - Oct 2021 (3 months)
Performed industrial engineering tasks to support manufacturing operations, contributing to process improvements and operational efficiency during tenure. Collaborated with cross-functional teams to implement production optimizations.
Education
Degrees, certifications, and relevant coursework
Universitat Politècnica de Catalunya
Master in Cybersecurity Management, Cybersecurity Management
Master in Cybersecurity Management currently in progress with expected completion in 2026.
EAE Business School
Master in Project Management, Project Management
2021 - 2022
Completed a Master in Project Management with a minor in Cybersecurity, covering project delivery and cybersecurity fundamentals.
Universidad Tecnológica Centroamericana (UNITEC)
Bachelor of Engineering, Engineering
2017 - 2021
Bachelor of Engineering covering core engineering principles completed in 2021.
Tech stack
Software and tools used professionally
Availability
Location
SpainAuthorized to work in
Germany
Poland
France
Norway
Switzerland
Sweden
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Portugal
Romania
Slovakia
SloveniaSalary expectations
Job categories
Skills
Interested in hiring Patricia?
You can contact Patricia and 90k+ other talented remote workers on Himalayas.
Message PatriciaFind your dream job
Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!
