Risk and Compliance Consultant

Location:
Broomfield, CO
Posted:
February 16, 2024

303-***-**** • ad3oyy@r.postjobfree.com

FRANK JARAMILLO

Results-oriented, highly productive technical professional with over 30 years of success in applying strong problem-solving skills to clarify ambiguity and resolve highly complex issues within the tightest timeframes. Engaged in Strategic Planning, Business Alignment, and Mission of business. Effectively operate in multi-vendor systems for the public sector, demonstrate effectiveness in all aspects of IT Compliance, IT Security, IT Operations, IT Business Liaison, Customer Service Level Agreements (SLAs) and Organizational Operating Level Agreements (OLAs). Expert manager with the proven ability to synthesize complex information and identify and properly address hidden needs of the clients. Possess in-depth, hands-on experience with multiple technology stacks, have strong analytical skills, can-do mentality, and keen eye for details. Bring Professionalism and Value to the Organization. Participate/Contribute in making IT Security a global reality.

AREAS OF EXPERTISE

Effective Communication

Strategic Partnerships

Cross-Functional Collaborations

Team Leadership & Training

Vendor Management

Compliance Assurance

NIST, HIPAA, SOX, PCI

Medicaid / Medicare

Systems Security

ITIL-based Service Level Delivery Management

BCP & DR

Strategic & Visionary Planning

Project & Program Management

NIST Cybersecurity Framework

CSA CCM, CAIQ Frameworks

Performance Improvement

Computer System Analysis

Technical Computing

Applications Development

Software Lifecycle

IT Architecture

Release Management

Vendor management

Leadership

Mentorship

Institute of Internal Auditor's (IIA) International Professional Practices Framework (IPPF)

ITIL V3, ITIL SOA, CISA, CISSP, CCSK, CDPSE

PROFESSIONAL BACKGROUND

Compute-66, Broomfield Colorado Jan 2024 - Present

Risk and Compliance Consultant

As an IT Compliance Consultant, I can assist in numerous areas of business to meet the Government Regulations, Commercial Regulations, and Internal Policy needs. Ensure that associated processes, procedures, and associated controls are in place to manage today’s complex security risks. Continual testing of controls to meet compliance associated requirements.

TIAA, Denver Colorado Jan 2022 – Dec 2023

Global Internal Audit Manager, Professional Practices Group Quality Assurance

As a Manager of PPG Internal Audit, I was responsible for providing Audit management and expertise for the Professional Practice Group of Internal Audit Services department. The work included job plans to conduct complex highest level of Quality Assurance Reviews for internal audits under the general direction of the Audit Executive/Director and in compliance with audit standards, schedules and regulatory expectations. Continual work on problems of diverse scope involving assessment of risk, interpreting audit results and developing recommendations for remediation. The Manager of Internal Audit entails the oversight of Internal Audit teams of professional employees and serves as a subject matter expert regarding the evaluation of the adequacy of the company's internal control structure and effectiveness, effectively communicating complicated risk and control considerations to management, peers, external auditors, subordinates and others. Additionally, the job entails the decisions on complex technical issues dealing with risk assessment, regulatory compliance and controls issues having moderate to high impact to the organization.

QAR

o Audits (Technical and non-technical)

o Management Action Plans (MAPs) / Corrective Action Plans

o Risk Assessments

Education and Advisement on Audit Controls alignment and then provides guidance to subordinates and/or peers in the conduct of an audit and monitors progress and quality against stated audit objectives and department requirements.

Manages multiple projects concurrently with full responsibility.

Direct interactions with regulators such as the Federal Reserve, OCC, SEC, FINRA, or state Insurance Departments.

Ensuring Audit teams align problems of diverse scope using the organization's risk based internal auditing methodology.

Fosters an innovative and collaborative working environment to deliver effective and efficient audits leveraging data analytics and information technology specialists, as appropriate, to identify and implement advanced testing methods.

Ensure that Audit teams maintain remediation solutions where control weaknesses have been identified, providing recommendations on risk and control strategies and works with business management to track and monitor resolution of audit issues.

KAISER PERMANENTE, GREENWOOD VILLAGE, CO July 2020 – Jan 2022

CORPORATE SERVICES IT Risk Manager Compliance Consultant

Consult and advise on Compliance initiatives for Corporate Services

Manage SOX intake and ITGC reviews for Corporate Systems and Applications

Participate in Technology Risk office HIPAA IT Application Risk Assessment

Assist as needed in Sustaining SOX reviews

Lead Application Compliance Profiling intake into ProcessUnity GRC tool

Evaluate ITGC’s and associated Narratives

Educate Corporate Services IT Program/Project Managers in Compliance requirements and process to fulfil requirements

Work with SOX PMO on requirements and intake

Work with Auditors on external SOX assessments

Complete SOC reviews to ensure alignment with KP SOX requirements

SOC Exception Management

Work with Application teams, CSIT technical leads, IT Operations, Risk Office, IAM, and Business application owners to satisfy KP requirements

KAISER PERMANENTE, GREENWOOD VILLAGE, CO APR 2017 – July 2020

IT SECURITY AND COMPLIANCE AND ASSURANCE PROJECT MANAGER 3

Supervised the HIPAA IT Operations Assessment team on HTCP initiatives

Act as the HIPAA expert from technical, program management and business consulting perspective in support of IT Operations and IT Compliance activities

Enhanced and matured the compliance program management for IT Operations Compliance, with a focus upon HIPAA control self-assessment activities

Utilize NIST Special Publication 800-66 (Health Insurance Portability Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) for assessments work paper foundation.

Coordinate the timing and execution of Annual IT Operations HIPAA Controlled Self-Assessment

Developed multi-year planning process and providing program/project descriptions, estimated costs and risk justification data.

Nurtured team and Business Partner relationships within IT Operations, KP IT Executives, Security & Compliance Officers and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.

Coordinated SMEs' and BIOs' alignment and understanding of the internal control environment. Ensured that communications were understood, viable, and deliverable.

Continued to serve on Vulnerability Management Work Group and increase contributions to Privacy and Security Initiative.

Ensured the completion of annual testing in a quarter of the time of prior years and set testing alignment to two times a year versus one.

Working across a number of compliance related initiatives to ensure appropriate federal, state, and industrial controls are adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).

APEX / KAISER PERMANENTE, GREENWOOD VILLAGE, CO JAN 2015 – FEB 2017

SR. IT SECURITY AND COMPLIANCE AND ASSURANCE PROJECT MANAGER

Act as subject matter expert from technical, program management and business consulting perspective in support of IMG and IT Compliance activities.

Work across a number of compliance related initiatives to ensure appropriate federal, state, and industrial controls are adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).

Provide advanced compliance program management for IMG Compliance, with a focus upon HIPAA control self-assessment activities.

Implement NIST Special Publication 800-66 (Health Insurance Portability Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) for assessments.

Remain current with emerging regulatory sentiments and assess the impact of laws and regulations on KP systems and technology. Manage large-scale risk/security assessment studies and projects.

Exhibit pragmatism in formulating process remediation and implementation strategies, defining work scope; and providing recommendations. Design sustainment strategies and measurement systems to ensure that Compliance requirements can be scaled as well as maintained over time.

Support strategic multi-year planning process by providing program and project descriptions, estimated costs and risk justification data.

Develop and nurture trusted relationships with Business Partners, KP IT Executives, Security & Compliance Officers and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.

Coordinate with internal SME's to understand internal control environment. Create SDA training and instruction to complete assessments. Oversee KP Security Control Mapping to IBM ISEC.

Serve on Vulnerability Management Work Group and contribute to Privacy and Security Initiative.

PRESBYTERIAN HEALTH PLAN, ALBUQUERQUE, NM SEP 2011 – SEP 2014

IT BUSINESS RELATIONSHIP MANAGER / SERVICE LEVEL MANAGER

Effectively liaised between C-Level Business Leadership and Infrastructure Technology teams, advised on conceptual and functional views of the applications that relate to the services portfolio/catalog.

Continually refined the development processes and solutions, ensured that IT environments were adequately supported and that solutions met the strategic goals in a timely, lower-risk, and economically sound manner. Collaborated with PMO on project clarification needs.

Led cross-functional IT teams in Agile or Waterfall environments, oversaw requirements gathering for Facets, Oracle, and reporting teams. Worked with Security on Facets access needs, integrated process and workflow for Facets Broker commissions module.

Addressed budgetary needs, project feasibility and initiations.

Conducted gap analysis to distinguish current and future IT/Business roadmaps; developed intake solution; evaluated new products; created and responded to RFP’s/RFI’s.

Attended Federal and State Meetings, communicated to and from business, IT, and Government entities including the State of New Mexico’s Health Services Department (HSD) Medicaid, Commercial Products/ Health Insurance Exchange Office of Superintendent of Insurance (OSI) / CMS, and Medicare programs.

Managed all audits surrounding the Privacy, Security, HIPAA, SOC and Internal Controls, served as primary IT interface contact to Compliance and Regulatory departments.

COMPUTE-66 IT CONSULTING, ALBUQUERQUE, NM JUL 2010 – SEP 2011

SR. IT CONSULTANT / OWNER

Information Technology Professional Consultant.

COMPUTE-66 IT CONSULTING delivers a full spectrum of Computer Information Technology professional services for public, private, and government agencies.

● Architectural Infrastructure Advisory / Business GAP Analysis

● Computer System Hardware and Software

1. System analysis

2. Design (Agile / Waterfall)

3. Testing

4. Operations and maintenance

● Computer Vendor Liaison

● Computer Security, Performance Analysis

● Operations Management, IT management, Supervisor and/or Operational Leadership

SANDIA NATIONAL LABORATORY, ALBUQUERQUE, NM OCT 2005 – JUL 2010

MANAGER / TECHNICAL LEAD / SR. SYSTEMS ANALYST

Directed the entire personnel and the project lifecycle from development, integration, to production of the classified and unclassified Critical Infrastructure Computing Environment. Led the storage architecture group and disaster recovery team, conducted disaster recovery for New Mexico.

Strategically enhanced a fifteen-year staggering infrastructure computing environment into a high-performing computing environment. Achieved never experienced customer satisfaction level.

Consistently met all service level agreements (SLA’s) and systems development life cycles (SDLC) in compliance with the SNL, DOE, Military, and other Governmental agencies requirements.

Identified areas for improvements, investigated and integrated all new hardware and software concepts.

Owned and distributed budgets, utilized all UNIX/Linux systems related to financials, PeopleSoft, data warehouse, general purpose, and e-business suites.

Enterprise System Governance Team in overseeing laboratory computing functions for current and future needs. Conveyed information to the Chief Information Officer (CIO). Facilitated cross-group collaborations with database managers, administrators and e-business teams.

Successfully integrated Oracle Enterprise Linux (OEL) for the Oracle R12 e-business suite.

HEWLETT-PACKARD, ALBUQUERQUE, NM JUN 2000 – OCT 2005

MANAGER SR. IT TEAM AND TECHNICAL LEAD FOR ASCI RED SUPER COMPUTER

Managed all aspects of the primary Super Computer System development that was utilized by tri-laboratories, NASA, and other government organizations.

Liaised with end-users, development team and management to ensure all requirements are properly met.

Trained and educated junior analysts and coordinated cross-functional teams and collaborations.

Managed budget needs.

Served as Computer Information Security Officer (CISO), designed and implemented a security plan.

Implemented system enhancement procedures which increased stability of the computing environment.

PREVIOUS EXPERIENCE

Compaq/Hewlett-Packard, Albuquerque, NM – Manager Sr. IT Lead Security and Engineering Science 1997 – 2000

Digital/Compaq/Hewlett-Packard, Albuquerque, NM – Sr. IT Lead / Manager and Technical Integrator for ICADS 1997 – 2000

Mission Research, Albuquerque, NM – Junior Engineer / Information Technology Lead 1996 – 1997

Philips Laboratory Air Force Research Laboratory, Albuquerque, NM – Information Technology Management for Applied Micro-Electronics Department and Space and Missiles Division 1990 – 1996

Coronado Center Security / University of NM Student, Albuquerque, NM 1988 – 1990

United States Navy, San Diego, CA 1984 – 1988

EDUCATIONAL BACKGROUND

Master of Science in Computer Information Systems, University of Phoenix, Albuquerque, NM

Bachelor's in Earth and Planetary Science / Computer Science, University of New Mexico, Albuquerque, NM

ITIL V3, ITIL SOA, CISA, CISSP, CCSK

AWARDS AND RECOGNITIONS

3 Exceptional Work Achievement Awards

End to End Virtualization Team, Sandia, 2009; Corporate UNIX/Database Infrastructure Stability, Sandia, 2009; PHP Medicaid Directors Appreciation Award, 2011; PHP Award from VP of Strategic Planning, 2013; PHP Award from President of Health Plan, 2014.

National Laboratory Institutional Cluster Project Award, HP / Sandia, 1999; National Laboratory ASCI Red Super Computer Project, HP / Sandia, 2003; 2005 DOE Security Audit, Sandia, 2005; National Laboratory Employee Recognition Awards, Sandia, 2006; Disaster Recovery Project-Livermore Deployment, Sandia, 2007.

Certificate of Achievement, United States Air Force, 1995; Outstanding Accomplishment Award, Compaq, 1998.

Expedition Medal, United States Armed Forces, 1987; Sea Service Deployment Ribbon, United States Navy.

Honorable Discharge, United States Navy, 1988; Expeditionary Medal, United States Navy, 1987.

Meritorious Unit Commendation, United States Coast Guard, 1985; Sailor of the Quarter, Sailor of the Year, USS Schofield FFG3, 1986; Sailor of the Year Nominee, COMDESRON SEVEN, 1986.

PROFESSIONAL AFFILIATIONS

International Institute of Business Analysis (IIBA)

Information Systems Audit and Control Association (ISACA)

International Information Systems Security Certification Consortium (ISC2)

451 Alliance Member


