Jaime Contreras, MBA, CISM, CISA

I work as an IT Security Specialist at Gonzaba Medical Group. I serve as Membership Director for the Alamo Chapter of the Information Systems Security Association.

Information Risk Analyst Versant Health I applied my skills to update policies, procedures, supporting documentation and action plans to achieve HITRUST certification (a Healthcare security and privacy framework) and address SOC2 requirements. Duties included managing communications with external and internal auditors as well as information technology managers. Maintained and provided IT responses to 200+ scheduled and ad-hoc client audit requests and surveys on behalf of the company. Developed process to document and monitor results of internal and external scans to track timely remediation of vulnerabilities.
IT Security Specialist Gonzaba Medical Group As a security and privacy risk management professional, I have the ability to implement, manage and assess the proper security and privacy controls to protect healthcare and financial organizations.

I am responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. I apply my skills to update policies, procedures, supporting documentation and action plans to achieve HITRUST certification (a Healthcare security and privacy framework). Duties include managing communications with external and internal auditors as well as information technology managers and assisting with review of network security logs.
Risk and Compliance Manager Aventine Hill Partners (now Vaco) My role as a Risk and Compliance Manager was to assist our clients with the planning and execution of a variety of Technology, Infrastructure, SOX 404, Operational audits and Special Projects. In this role, I represented the client to external parties, developed and maintained collaborative working relationships and executed more complex audit plans.
Information Systems Manager UT Health Science Center at San Antonio Information Systems Manager with extensive experience in the audit and security of information systems. Responsibilities included providing objective assessments of information technology related to critical business functions (academic, research, financial and medical services) for the purpose of improving controls and operational efficiency. Leadership, communication, interpersonal and analytic skills required. Hired as Senior Information Systems Auditor December 2010 with Data Analysis Coordinator responsibilities added March 2012. Information Systems Manager promotion occurred on October 2013.
Audit Consultant Dell Computers Business IT Assurance team leader responsible for the review, documentation, assessment, and testing of automated and IT-dependent manual controls for Sarbanes-Oxley (SOX) regulatory compliance. Oversaw and managed team in India; ensured team identified key reports and interfaces during business process walk through as part of integrated audit approach and managed the testing of key financial system user access controls, key interfaces and key reports. Collaboration included managing and communicating project deadlines, coordination of sampling methodology and advanced request lists and sharing of deliverables.
Information Technology Professional Consultant Jefferson Wells (now Experis) Worked as part of the Technology and Risk Management (TRM) Team. Consulting work included development of IT security policies and procedures, Oracle security (application and database), AS400 security system values and assistance with Payment Card Industry (PCI) security reviews.
Senior Information System Audit Analyst Texas State Auditor's Office Part of Information Systems Audit Team that performed application and general control audits for a variety of network and mainframe environments (at times applying both Capability Maturity Model and SysTrust criteria in audit assessments).
Information Systems Staff Auditor Laredo National Bank (now BBVA USA) Conducted technology security audits (IBM mainframe, ADABAS database, TOP SECRET security and Windows NT environment), prepared report ready documents, contributed and developed audit plans and participated in audit risk assessments and disaster recovery and business continuity testing.
Supervising Auditor IV Texas State Auditor's Office Responsible for traditional (non-IT) audits of process controls during first two years of career. Joined Information Technology Audit Team in 1999 to perform information technology audits. Reviewed audit documentation, contributed and developed audit plans and managed Medicaid audit teams.
Accounting Clerk I Texas Court Reporters Certification Board (now Office of Court Administration) Part-time. Duties performed included all the accounting business operations functions of a chief accountant (i.e., purchasing, deposits, refunds, travel and payroll). Negotiated purchase contracts with vendors, participated in budget decisions and developed user expertise in a variety of statewide information systems.

Masters in Business Administration (MBA) Texas State University
Certified Information Systems Auditor (CISA) ISACA
Certified Information Security Manager (CISM) ISACA
Bachelor's of Arts, Psychology University of Texas in Austin