
Risk and Compliance Advisor

Location:
Broomfield, CO
Salary:
140000
Posted:
May 08, 2026


Resume:

FRANK JARAMILLO

*****.*.*********@*****.*** 303-***-****

www.linkedin.com/in/frank-jaramillo-24996525

PROFESSIONAL SUMMARY

Results-oriented, highly productive technical professional with over 30 years of success in applying strong problem-solving skills to clarify ambiguity and resolve highly complex issues within the tightest timeframes. Engaged in strategic planning, business alignment, and the mission of the business. Effectively operate in multi-vendor systems for the public sector, demonstrating effectiveness in all aspects of IT compliance, IT security, IT operations, IT business liaison, customer Service Level Agreements (SLAs), and Organizational Operating Level Agreements (OLAs). Expert manager with the proven ability to synthesize complex information from international, federal, and state laws/statutes and their associated requirements. Possess in-depth, hands-on experience with multiple technology stacks, strong analytical skills, a can-do mentality, and a keen eye for detail. Bring professionalism and value to the organizational environment. Participate in and contribute to making IT security a company and global reality. Excellent written and verbal communication skills with the ability to explain complex concepts clearly. Proven leadership and mentorship that align to business goals. Ability to work independently and/or with a team.

SKILLS

Areas of Expertise:

Effective Soft skills and writing

Strategic Partnerships

Cross-Functional Collaborations

Team Leadership & Training

Vendor Management

Compliance Assurance

NIST 800-53, NIST CSF, NIST 800-171, HIPAA, SOX, PCI, SOC

GRC Tools: ServiceNow, Optro (AuditBoard), Archer, ProcessUnity

Medicaid/Medicare, Anti-Kickback

Systems Security

ITIL-based Service Level Delivery Management

BCP & DR

Clear written and verbal communication skills

Technical Computing

Software Lifecycle

IT Architecture

Release Management

Strategic & Visionary Planning

Project & Program Management

CSA CCM, CAIQ Frameworks

Computer System Analysis

Leadership/Mentorship

Institute of Internal Auditor's (IIA) International Professional Practices Framework (IPPF)

Zero Trust

IAM

WORK EXPERIENCE

Risk and Compliance Consultant Compute-66

January 2024 – Present

Broomfield, Colorado

IT Compliance Consultant who partners with and assists numerous areas of the business to meet government regulations, commercial regulations, and internal policy needs. Ensure that associated processes, procedures, and controls are in place to manage today’s complex security risks. Continual testing of controls to meet compliance-associated requirements.

Implementation of components of a Security Program to ensure Security and Compliance.

Security program development and design, scoping, gap analysis, NIST implementation, project management, and cross-functional alignment

System Security Plan

Organizational Standards

Organizational Standards and Standard Operating Procedures / Technical writing

Compliance TOD & TOE

Leadership, Information Security Officer, and Team advisement

Organizational Level Agreements (OLA)

Global Internal Audit Manager TIAA

January 2022 – December 2023

DENVER, Colorado

As a Global Manager of PPG Internal Audit, I was responsible for providing audit management and expertise for the Professional Practice Group of the Internal Audit Services department. The work included job plans to conduct the most complex, highest-level Quality Assurance Reviews of internal audits under the general direction of the Audit Executive/Director and in compliance with audit standards, schedules, and regulatory expectations. Continual work on problems of diverse scope involving assessment of risk, interpreting audit results, and developing recommendations for remediation. The Manager of Internal Audit role entails the oversight of Internal Audit teams of professional employees and serves as a subject matter expert regarding the evaluation of the adequacy and effectiveness of the company's internal control structure, effectively communicating complicated risk and control considerations to management, peers, external auditors, subordinates, and others. Additionally, the job entails decisions on complex technical issues dealing with risk assessment, regulatory compliance, and control issues having moderate to high impact on the organization.

QAR (Quality Assurance Reviews):

Audits (technical and non-technical)

Management Action Plans (MAPs) / Corrective Action Plans

Risk Assessments

Education and advisement on audit control alignment; provides guidance to subordinates and/or peers in the conduct of an audit and monitors progress and quality against stated audit objectives and department requirements.

Manages multiple projects concurrently with full responsibility.

Direct interactions with regulators such as the Federal Reserve, OCC, SEC, FINRA, or state Insurance Departments.

Ensuring audit teams align on problems of diverse scope using the organization's risk-based internal auditing methodology.

Fosters an innovative and collaborative working environment to deliver effective and efficient audits leveraging data analytics and information technology specialists, as appropriate, to identify and implement advanced testing methods.

Ensure that audit teams maintain remediation solutions where control weaknesses have been identified, providing recommendations on risk and control strategies, and work with business management to track and monitor resolution of audit issues.

IT Risk and Compliance Manager KAISER PERMANENTE

July 2021 – January 2022

GREENWOOD VILLAGE, Colorado

Consult and advise on Compliance initiatives for Corporate Services

Manage SOX intake and ITGC reviews for Corporate Systems and Applications

Participate in the Technology Risk Office HIPAA IT Application Risk Assessment

Assist as needed in Sustaining SOX reviews.

Lead Application Compliance Profiling intake into ProcessUnity GRC tool

Evaluate ITGCs and associated narratives.

Educate Corporate Services IT Program/Project Managers on compliance requirements and the process to fulfill them.

Work with SOX PMO on requirements and intake

Work with Auditors on external SOX assessments

Complete SOC reviews to ensure alignment with KP SOX requirements.

SOC Exception Management

Work with Application teams, CSIT technical leads, IT Operations, Risk Office, IAM, and Business application owners to satisfy requirements.

IT SECURITY AND COMPLIANCE AND ASSURANCE PROJECT MANAGER KAISER PERMANENTE

April 2017 – July 2020

GREENWOOD VILLAGE, Colorado

Supervised the HIPAA IT Operations Assessment team on HTCP initiatives.

Acted as the HIPAA expert from technical, program management, and business consulting perspectives in support of IT Operations and IT Compliance activities.

Enhanced and matured the compliance program management for IT Operations Compliance, with a focus on HIPAA control self-assessment activities.

Utilized NIST Special Publication 800-66 (Health Insurance Portability and Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) as the foundation for assessment work papers.

Coordinated the timing and execution of the annual IT Operations HIPAA Control Self-Assessment.

Developed a multi-year planning process and provided program/project descriptions, estimated costs, and risk justification data.

Nurtured team and business partner relationships within IT Operations, KP IT Executives, Security & Compliance Officers, and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.

Coordinated SME and BIO alignment and understanding of the internal control environment. Ensured that communications were understood, viable, and deliverable.

Continued to serve on the Vulnerability Management Work Group and increased contributions to the Privacy and Security Initiative.

Ensured completion of annual testing in a quarter of the time taken in prior years and moved the testing cadence to twice a year versus once.

Worked across several compliance-related initiatives to ensure appropriate federal, state, and industrial controls were adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).

SR. IT SECURITY AND COMPLIANCE ASSURANCE PROJECT MANAGER APEX / KAISER PERMANENTE

January 2015 – February 2017

GREENWOOD VILLAGE, Colorado

Act as subject matter expert from technical, program management, and business consulting perspectives in support of IMG and IT Compliance activities.

Work across several compliance-related initiatives to ensure appropriate federal, state, and industrial controls are adequately implemented and remediated to meet compliance expectations (HIPAA, SOX, PCI, etc.).

Provide advanced compliance program management for IMG Compliance, with a focus on HIPAA control self-assessment activities.

Implement NIST Special Publication 800-66 (Health Insurance Portability and Accountability Act (HIPAA) Security Rule) and 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) for assessments.

Remain current with emerging regulatory sentiment and assess the impact of laws and regulations on KP systems and technology. Manage large-scale risk/security assessment studies and projects.

Exhibit pragmatism in formulating process remediation and implementation strategies, defining work scope, and providing recommendations. Design sustainment strategies and measurement systems to ensure that compliance requirements can be scaled as well as maintained over time.

Support strategic multi-year planning process by providing program and project descriptions, estimated costs and risk justification data.

Develop and nurture trusted relationships with Business Partners, KP IT Executives, Security & Compliance Officers, and other Compliance Team Members to gain consensus approvals on strategies, recommendations, and project plans.

Coordinate with internal SMEs to understand internal control environment. Create SDA training and instruction to complete assessments. Oversee KP Security Control Mapping to IBM ISEC.

Serve on Vulnerability Management Work Group and contribute to Privacy and Security Initiative.

IT BUSINESS RELATIONSHIP MANAGER / SERVICE LEVEL MANAGER PRESBYTERIAN HEALTH PLAN

September 2011 – December 2014

ALBUQUERQUE, New Mexico

Effectively liaised between C-level business leadership and infrastructure technology teams; advised on conceptual and functional views of the applications that relate to the services portfolio/catalog.

Continually refined development processes and solutions, ensured that IT environments were adequately supported, and that solutions met strategic goals in a timely, lower-risk, and economically sound manner. Collaborated with the PMO on project clarification needs.

Led cross-functional IT teams in Agile or Waterfall environments; oversaw requirements gathering for Facets, Oracle, and reporting teams. Worked with Security on Facets access needs, and integrated process and workflow for the Facets Broker commissions module.

Addressed budgetary needs, project feasibility, and initiations.

Conducted gap analysis to distinguish current and future IT/business roadmaps; developed an intake solution; evaluated new products; created and responded to RFPs/RFIs.

Attended Federal and State Meetings, communicated to and from business, IT, and Government entities including the State of New Mexico’s Health Services Department (HSD) Medicaid, Commercial Products/ Health Insurance Exchange Office of Superintendent of Insurance (OSI) / CMS, and Medicare programs.

Managed all audits surrounding the Privacy, Security, HIPAA, SOC, and Internal Controls, served as primary IT interface contact to Compliance and Regulatory departments.

Information Technology CONSULTANT / Professional Service COMPUTE-66

July 2010 – September 2011

ALBUQUERQUE, New Mexico

COMPUTE-66 IT CONSULTING delivers a full spectrum of Computer Information Technology professional services for public, private, and government agencies.

Architectural Infrastructure Advisory / Business GAP Analysis

Computer System Hardware and Software

System analysis

Design (Agile / Waterfall)

Testing

Operations and maintenance

Computer Vendor Liaison

Computer Security, Performance Analysis

Operations Management, IT management, Supervisor and/or Operational Leadership

MANAGER / TECHNICAL LEAD / SR. SYSTEMS ANALYST SANDIA NATIONAL LABORATORY

October 2005 – July 2010

ALBUQUERQUE, New Mexico

Directed all personnel and the project lifecycle from development and integration to production of the classified and unclassified Critical Infrastructure Computing Environment. Led the storage architecture group and disaster recovery team; conducted disaster recovery for New Mexico.

Strategically enhanced a fifteen-year-old, struggling infrastructure computing environment into a high-performing computing environment. Achieved previously unattained customer satisfaction levels.

Consistently met all service level agreements (SLAs) and systems development life cycles (SDLC) in compliance with SNL, DOE, military, and other governmental agency requirements.

Identified areas for improvement; investigated and integrated all new hardware and software concepts.

Owned and distributed budgets for all UNIX/Linux systems related to financials, PeopleSoft, data warehouse, general purpose, and e-business suites.

Served on the Enterprise System Governance Team, overseeing laboratory computing functions for current and future needs. Conveyed information to the Chief Information Officer (CIO). Facilitated cross-group collaborations with database managers, administrators, and e-business teams.

Successfully integrated Oracle Enterprise Linux (OEL) for the Oracle R12 e-business suite.

MANAGER SR. IT TEAM AND TECHNICAL LEAD HEWLETT-PACKARD

June 2000 – Oct 2005

ALBUQUERQUE, New Mexico

Managed all aspects of the primary Supercomputer System development that was utilized by tri-laboratories, NASA, and other government organizations.

Liaised between end users, the development team, and management to ensure all requirements were properly met.

Trained and educated junior analysts and coordinated cross-functional teams and collaborations.

Managed Budget needs.

Served as Computer Information Security Officer (CISO), designed and implemented a security plan.

Implemented system enhancement procedures which increased stability of the computing environment.

Additional Work Experience:

Manager Sr. IT Lead Security and Engineering Science Compaq/Hewlett-Packard

May 1997 – October 2005

Albuquerque, New Mexico

Sr. IT Lead / Manager Technical Integrator Digital/Compaq/Hewlett-Packard

May 1997 – October 2005

Albuquerque, New Mexico

Junior Engineer / Information Technology Lead Mission Research

May 1996 – May 1997

Albuquerque, New Mexico

Computer Analyst Information Technology Manager for Department and Space and Missiles Division Air Force Research Laboratory

May 1990 – May 1996

Albuquerque, New Mexico

Security Coronado Center Security

November 1988 – May 1990

Albuquerque, New Mexico

Gunners Mate Second Class United States Navy

September 1984 – September 1988

San Diego, California

EDUCATION

Master of Science in Computer Information Systems University of Phoenix

September 1998 – May 2000

Albuquerque, New Mexico

Bachelor’s in Earth and Planetary Science / Computer Science, University of New Mexico

September 1992 - May 1996

Albuquerque, NM

Professional Certifications

Certified GRC Professional (GRCP)

Certified GRC Auditor (GRCA)

Integrated Artificial Intelligence Professional (IAIP)

Integrated Risk Management Professional (IRMP)

Integrated Policy Management Professional (IPMP)

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

Certified Data Privacy Solutions Engineer (CDPSE)

Certificate of Cloud Security Knowledge (CCSK)

Information Technology Infrastructure Library (ITIL)

ITIL Service Offerings and Agreements (ITIL SOA)

AWARDS

3 KP Exceptional Work Achievement Awards

PHP Medicaid Directors Appreciation Award, 2011; PHP Award from VP of Strategic Planning, 2013; PHP Award from President of Health Plan, 2014.

Outstanding Accomplishment Award, Compaq, 1998; National Laboratory Institutional Cluster Project Award, HP / Sandia, 1999; National Laboratory ASCI Red Supercomputer, HP / Sandia, 2003; 2005 DOE Security Audit, Sandia, 2005.

National Laboratory Employee Recognition Awards, Sandia, 2006.

Disaster Recovery Project-Livermore Deployment, Sandia, 2007.

End to End Virtualization Team, Sandia, 2009.

Corporate UNIX/Database Infrastructure Stability, Sandia, 2009.

Certificate of Achievement, United States Air Force, 1995.

Expedition Medal, United States Armed Forces, 1987.

Sea Service Deployment Ribbon, United States Navy.

Expeditionary Medal, United States Navy, 1987.

Meritorious Unit Commendation, United States Coast Guard, 1985.

Sailor of the Quarter, Sailor of the Year, USS p COMDESRON SEVEN, 1986.

Honorable Discharge, United States Navy, 1988.

PROFESSIONAL ASSOCIATIONS

International Institute of Business Analysis (IIBA)

Information Systems Audit and Control Association (ISACA)

International Information Systems Security Certification Consortium (ISC2)

Cloud Security Alliance (CSA)

451 Alliance Member

Open Compliance and Ethics Group (OCEG)

Cybersecurity and Infrastructure Security Agency (CISA)


