303-***-**** • *****.*.*********@*****.***
FRANK JARAMILLO
Results-oriented, highly productive technical professional with over 30 years of success in applying strong problem-solving skills to clarify ambiguity and resolve highly complex issues within the tightest timeframes. Engaged in Strategic Planning, Business Alignment, and Mission of business. Effectively operate in multi-vendor systems for the public sector, demonstrate effectiveness in all aspects of IT Compliance, IT Security, IT Operations, IT Business Liaison, Customer Service Level Agreements (SLAs) and Organizational Operating Level Agreements (OLAs). Expert manager with the proven ability to synthesize complex information from Global, Federal, and State laws/statutes and associated requirements. Possess in-depth, hands-on experience with multiple technology stacks, have strong analytical skills, can-do mentality, and keen eye for details. Bring Professionalism and Value to the Organization. Participate/Contribute to making IT Security a global reality.
AREAS OF EXPERTISE:
Effective Communication
Strategic Partnerships
Cross-Functional Collaborations
Team Leadership & Training
Vendor Management
Compliance Assurance
NIST 800-53, NIST CSF, NIST 800-171, MARS-E, HIPAA, SOX, PCI, Medicaid/Medicare, Anti-Kickback
Systems Security
ITIL-based Service Level Delivery Management
BCP & DR
Strategic & Visionary Planning
Project & Program Management
CSA CCM, CAIQ Frameworks
Computer System Analysis
Technical Computing
Software Lifecycle
IT Architecture
Release Management
Leadership/Mentorship
Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF)
Certifications: CISSP, CCSK, CDPSE, ITIL, ITIL SOA, CISA
Work Experience:
Compute-66, Broomfield Colorado Jan 2024 - Present
Risk and Compliance Consultant
As an IT Compliance Consultant, I assist in numerous areas of business to meet the needs of Government Regulations, Commercial Regulations, and Internal Policies. Ensure that associated processes, procedures, and associated controls are in place to manage today’s complex security risks. Continual testing of controls to meet compliance-associated requirements.
Current Consultant Engagement:
Implementation of a full Security Program for a Supercomputer Environment to ingest and process ePHI Data Securely and HIPAA Compliant.
Development and Security Program Design, scoping, GAP analysis, NIST Implementation, and Project Management, Cross functional alignment
System Security Plan
Organizational Standards
Organizational Standards and Standard Operating Procedures / Technical writing
Compliance TOD & TOE
Leadership, Information Security Officer, and Team advisement
Organizational Level Agreements (OLA)
TIAA, Denver Colorado Jan 2022 – Dec 2023
Global Internal Audit Manager, Professional Practices Group Quality Assurance
As a Global Manager of PPG Internal Audit, I was responsible for providing Audit management and expertise for the Professional Practice Group of Internal Audit Services department. The work included job plans to conduct complex highest level of Quality Assurance Reviews for internal audits under the general direction of the Audit Executive/Director and in compliance with audit standards, schedules, and regulatory expectations. Continual work on problems of diverse scope involving assessment of risk, interpreting audit results and developing recommendations for remediation. The Manager of Internal Audit entails the oversight of Internal Audit teams of professional employees and serves as a subject matter expert regarding the evaluation of the adequacy of the company's internal control structure and effectiveness, effectively communicating complicated risk and control considerations to management, peers, external auditors, subordinates, and others. Additionally, the job entails the decisions on complex technical issues dealing with risk assessment, regulatory compliance and controls issues having moderate to high impact to the organization.
QAR
o Audits (Technical and non-technical)
o Management Action Plans (MAPs) / Corrective Action Plans
o Risk Assessments
Education and Advisement on Audit Controls alignment and then provides guidance to subordinates and/or peers in the conduct of an audit and monitors progress and quality against stated audit objectives and department requirements.
Manages multiple projects concurrently with full responsibility.
Direct interactions with regulators such as the Federal Reserve, OCC, SEC, FINRA, or state Insurance Departments.
Ensuring Audit teams align problems of diverse scope using the organization's risk based internal auditing methodology.
Fosters an innovative and collaborative working environment to deliver effective and efficient audits leveraging data analytics and information technology specialists, as appropriate, to identify and implement advanced testing methods.
Ensure that Audit teams maintain remediation solutions where control weaknesses have been identified, providing recommendations on risk and control strategies and works with business management to track and monitor resolution of audit issues.
KAISER PERMANENTE, GREENWOOD VILLAGE, CO July 2020 – Jan 2022
CORPORATE SERVICES IT Risk and Compliance Manager
Consult and advise on Compliance initiatives for Corporate Services
Manage SOX intake and ITGC reviews for Corporate Systems and Applications
Participate in Technology Risk office HIPAA IT Application Risk Assessment
Assist as needed in Sustaining SOX reviews.
Lead Application Compliance Profiling intake into ProcessUnity GRC tool
Evaluate ITGCs and associated Narratives.
Educate Corporate Services IT Program/Project Managers in Compliance requirements and process to fulfil requirements.
Work with SOX PMO on requirements and intake
Work with Auditors on external SOX assessments
Complete SOC reviews to ensure alignment with KP SOX requirements.
SOC Exception Management
Work with Application teams, CSIT technical leads, IT Operations, Risk Office, IAM, and Business application owners to satisfy KP requirements.
KAISER PERMANENTE, GREENWOOD VILLAGE, CO APR 2017 – July 2020
IT SECURITY AND COMPLIANCE AND ASSURANCE PROJECT MANAGER 3
Supervised the HIPAA IT Operations Assessment team on HTCP initiatives.
Act as the HIPAA expert from technical, program management and business consulting perspective in support of IT Operations and IT Compliance activities
Enhanced and matured the compliance program management for IT Operations Compliance, with a focus upon HIPAA control self-assessment activities.
Utilize NIST Special Publication 800-66 (Health Insurance Portability Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) for assessments work paper foundation.
Coordinate the timing and execution of Annual IT Operations HIPAA Controlled Self-Assessment
Developed multi-year planning process and provided program/project descriptions, estimated costs and risk justification data.
Nurtured team and Business Partner relationships within IT Operations, KP IT Executives, Security & Compliance Officers, and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.
Coordinated SMEs' and BIOs' alignment and understanding of the internal control environment. Ensured that communications were understood, viable, and deliverable.
Continued to Serve on Vulnerability Management Work Group and increase contributions to Privacy and Security Initiative.
Ensured the completion of annual testing in a quarter of the time of prior years and set testing alignment to two times a year versus one.
Working across several compliance related initiatives to ensure appropriate federal, state, and industrial controls are adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).
APEX / KAISER PERMANENTE, GREENWOOD VILLAGE, CO JAN 2015 – FEB 2017
SR. IT SECURITY AND COMPLIANCE AND ASSURANCE PROJECT MANAGER
Act as subject matter expert from technical, program management and business consulting perspective in support of IMG and IT Compliance activities.
Work across several compliance related initiatives to ensure appropriate federal, state, and industrial controls are adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).
Provide advanced compliance program management for IMG Compliance, with a focus upon HIPAA control self-assessment activities.
Implement NIST Special Publication 800-66 (Health Insurance Portability Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) for assessments.
Remain current with emerging regulatory sentiments and assess the impact of laws and regulations on KP systems and technology. Manage large-scale risk/security assessment studies and projects.
Exhibit pragmatism in formulating process remediation and implementation strategies, defining work scope; and providing recommendations. Design sustainment strategies and measurement systems to ensure that Compliance requirements can be scaled as well as maintained over time.
Support strategic multi-year planning process by providing program and project descriptions, estimated costs and risk justification data.
Develop and nurture trusted relationships with Business Partners, KP IT Executives, Security & Compliance Officers, and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.
Coordinate with internal SMEs to understand internal control environment. Create SDA training and instruction to complete assessments. Oversee KP Security Control Mapping to IBM ISEC.
Serve on Vulnerability Management Work Group and contribute to Privacy and Security Initiative.
PRESBYTERIAN HEALTH PLAN, ALBUQUERQUE, NM SEP 2011 – SEP 2014
IT BUSINESS RELATIONSHIP MANAGER / SERVICE LEVEL MANAGER
Effectively liaised between C-Level Business Leadership and Infrastructure Technology teams, advised on conceptual and functional views of the applications that relate to the services portfolio/catalog.
Continually refined the development processes and solutions, ensured that IT environments were adequately supported and that solutions met the strategic goals in a timely, lower-risk, and economically sound manner. Collaborated with PMO on project clarification needs.
Led cross-functional IT teams in Agile or Waterfall environments, oversaw requirements gathering for Facets, Oracle, and reporting teams. Worked with Security on Facets access needs, integrated process, and workflow for Facets Broker commissions module.
Addressed budgetary needs, project feasibility and initiations.
Conducted gap analysis to distinguish current and future IT/Business roadmaps; developed intake solution; evaluated new products; created and responded to RFPs/RFIs.
Attended Federal and State Meetings, communicated to and from business, IT, and Government entities including the State of New Mexico’s Health Services Department (HSD) Medicaid, Commercial Products/ Health Insurance Exchange Office of Superintendent of Insurance (OSI) / CMS, and Medicare programs.
Managed all audits surrounding the Privacy, Security, HIPAA, SOC, and Internal Controls, served as primary IT interface contact to Compliance and Regulatory departments.
COMPUTE-66 IT CONSULTING, ALBUQUERQUE, NM JUL 2010 – SEP 2011
SR. IT CONSULTANT / OWNER
Information Technology Professional Consultant.
COMPUTE-66 IT CONSULTING delivers a full spectrum of Computer Information Technology professional services for public, private, and government agencies.
● Architectural Infrastructure Advisory / Business GAP Analysis
● Computer System Hardware and Software
1. System analysis
2. Design (Agile / Waterfall)
3. Testing
4. Operations and maintenance
● Computer Vendor Liaison
● Computer Security, Performance Analysis
● Operations Management, IT management, Supervisor and/or Operational Leadership
SANDIA NATIONAL LABORATORY, ALBUQUERQUE, NM OCT 2005 – JUL 2010
MANAGER / TECHNICAL LEAD / SR. SYSTEMS ANALYST
Directed the entire personnel and the project lifecycle from development, integration, to production of the classified and unclassified Critical Infrastructure Computing Environment. Led the storage architecture group and disaster recovery team, conducted disaster recovery for New Mexico.
Strategically enhanced a fifteen-year staggering infrastructure computing environment into a high-performing computing environment. Achieved a never-before-experienced customer satisfaction level.
Consistently met all service level agreements (SLAs) and systems development life cycles (SDLC) in compliance with the SNL, DOE, Military, and other Governmental agencies' requirements.
Identified areas for improvements, investigated and integrated all new hardware and software concepts.
Owned and distributed budgets utilized all UNIX/Linux systems related to financials, PeopleSoft, data warehouse, general purpose, and e-business suites.
Enterprise System Governance Team in overseeing laboratory computing functions for current and future needs. Conveyed information to the Chief Information Officer (CIO). Facilitated cross-group collaborations with database managers, administrators, and e-business teams.
Successfully integrated Oracle Enterprise Linux (OEL) for the Oracle R12 e-business suite.
HEWLETT-PACKARD, ALBUQUERQUE, NM JUN 2000 – OCT 2005
MANAGER SR. IT TEAM AND TECHNICAL LEAD FOR ASCI RED SUPERCOMPUTER
Managed all aspects of the primary Supercomputer System development that was utilized by tri-laboratories, NASA, and other government organizations.
Liaised with end-users, development team and management to ensure all requirements are properly met.
Trained and educated junior analysts and coordinated cross-functional teams and collaborations.
Managed Budget needs.
Served as Computer Information Security Officer (CISO), designed and implemented a security plan.
Implemented system enhancement procedures which increased stability of the computing environment.
PREVIOUS WORK EXPERIENCE:
Compaq/Hewlett-Packard, Albuquerque, NM 1997 – 2000
Manager Sr. IT Lead Security and Engineering Science
Digital/Compaq/Hewlett-Packard, Albuquerque, NM 1997 – 2000
Sr. IT Lead / Manager Technical Integrator For ICADS
Mission Research, Albuquerque, NM 1996 – 1997
Junior Engineer / Information Technology Lead
Phillips Laboratory Air Force Research Laboratory, Albuquerque, NM 1990 – 1996
Information Technology Management for Applied Micro-Electronics Department and Space and Missiles Division - Computer Analyst
Coronado Center Security / University of NM Student, Albuquerque, NM 1988 – 1990
Security
United States Navy, San Diego, CA 1984 – 1988
Gunners Mate
EDUCATIONAL BACKGROUND:
Master of Science in Computer Information Systems, University of Phoenix, Albuquerque, NM
Bachelor’s Earth and Planetary Science / Computer Science, University of New Mexico, Albuquerque, NM
Certifications
CISSP, CISA, CCSK, CDPSE, ITIL V3, ITIL SOA
AWARDS AND RECOGNITIONS:
3 Exceptional Work Achievement Awards
End to End Virtualization Team, Sandia, 2009; Corporate UNIX/Database Infrastructure Stability, Sandia, 2009; PHP Medicaid Directors Appreciation Award, 2011; PHP Award from VP of Strategic Planning, 2013; PHP Award from President of Health Plan, 2014.
National Laboratory Institutional Cluster Project Award, HP / Sandia, 1999; National Laboratory ASCI Red Supercomputer, HP / Sandia, 2003; 2005 DOE Security Audit, Sandia, 2005; National Laboratory Employee Recognition Awards, Sandia, 2006; Disaster Recovery Project-Livermore Deployment, Sandia, 2007.
Certificate of Achievement, United States Air Force, 1995; Outstanding Accomplishment Award, Compaq, 1998.
Expedition Medal, United States Armed Forces, 1987, Sea Service Deployment Ribbon, United States Navy.
Honorable Discharge, United States Navy, 1988; Expeditionary Medal, United States Navy, 1987.
Meritorious Unit Commendation, United States Coast Guard, 1985; Sailor of the Quarter, Sailor of the Year, USS Schofield FFG3, 1986; Sailor of the Year Nominee, COMDESRON SEVEN, 1986.
PROFESSIONAL AFFILIATIONS:
International Institute of Business Analysis (IIBA)
Information Systems Audit and Control Association (ISACA)
International Information Systems Security Certification Consortium (ISC2)
Cloud Security Alliance (CSA)
451 Alliance Member