George DeCesareGeorge DeCesare
SVP, Chief Technology
Risk Officer

Kaiser Permanente’s increased reliance on technology to meet business goals coupled with the growing sophistication of cyber criminals, exposes our organization to ever increasing threats and risks – risks that could have a critical impact on our security, brand and reputation. The challenge is to stay ahead of the risk curve while still allowing for the extraordinary level of patient and member care that we are known for. As Kaiser Permanente’s central technology risk function, the Technology Risk Office (TRO) is responsible for maintaining overall data security at Kaiser Permanente, managing technology risk and ensuring compliance in the IT space.

The Technology Risk Office partners as a trusted advisor, protects the brand, people and enterprise, and promotes technology risk management innovation and reform.

Who We Are

TRO is composed of the teams below. Click on any to expand information.

Cyber Security

Steve Frank
Executive Director, Interim Chief Information Security Officer
Email Steve

Suzie Skigen, Lead Administrative Assistant
720-830-7524 (mobile) • 303-713-3457 (office)
Email Suzie


We reduce the probability and impact of a successful cyber attack by applying safeguards that obstruct the path of a threat. This strengthens the trust members and patients have in our technology and allows them to improve their lives with high-quality, affordable, and secure care delivery.

Health IT Strategy & Policy

Jamie Ferguson

Jamie Ferguson
Vice President, Health IT Strategy and Policy
Email Jamie

Cookie Singh, Executive Assistant
Email Cookie


We help develop, recommend and advocate for Kaiser Permanente’s health information strategies and policies by representing the organization with state and federal agencies, industry groups, and standards development organizations. Additionally, we advise and consult with Kaiser Permanente internal clinical, business and technical partners on the interpretation, impact and implementation of Health IT policies and standards.

Identity & Access Management

Joel Engstrom
Executive Director, Identity & Access Management
Email Joel

Anna Diaz-Tapia, Executive Support
Email Anna


We provide users the right access to applications and services when they need it. We work closely with End User Services (EUS), IT Operations, Technology Risk Management, and other key organizations to safeguard Kaiser Permanente and access to our systems and files.

Office of the Chief Technology Risk Officer

Shelly Benning

Rochelle Benning
Chief of Staff and Executive Director,
Office of the Chief Technology Risk Officer
Email Rochelle



We help the Technology Risk Office to operate efficiently and effectively as a highly integrated organization by providing centralized strategic services and standardized business operations.

Risk Remediation, Execution & Data Governance

Heather McPhersonHeather McPherson
Executive Director, Risk Remediation, Execution & Data Governance
Email Heather

Anna Diaz-Tapia, Executive Support
Email Anna


We are responsible for managing TRO programs, projects, and portfolios to ensure they deliver the desired program and project outcomes. This is inclusive of developing business requirements, portfolio management, financial oversight and management, M&A coordination and capability, and TRO alignment with large programs.

Technology Risk Management

Michael RuehmkorffMichael Ruehmkorff
Vice President, Technology Risk Management
Email Michael

Melanie J. Young, Lead Administrative Assistant
Email Melanie


Technology Risk Management exists to help our customers understand and manage risks associated with technology solutions. Our team is the main point of contact between TRO and our program-wide operational, clinical and IT customers. We promote the adoption of risk management processes through technology risk advisory, assessment, compliance support, and other security services. 

Visit Risk Assessment service page >
Learn more about vendor risk management >