Aman Jaiswal
00 AI GOVERNANCE ARCHITECT — HIPAA · EU AI ACT · NIST AI RMF

I help regulated enterprises ship LLM systems that pass audit.

Healthcare, financial services, aviation, federal compliance — and any domain where AI failure is expensive. I architect the governance layer, evals, and infrastructure that make production GenAI trustworthy at scale.

10K+ users in production · 30→70+ compliance F1 · 200% faster inference · 17+ frameworks shipped

6 years building production AI · Founder, ClarisMD · Advising United Airlines (via KForce) · ex-Senior Data Scientist, 4CRisk.ai

01 Proof, not promises

Numbers from systems already in production

Every figure below comes from shipped, client-verified work — not a pitch deck.

10K+
Users on a regulated-finance RAG copilot
ARIA Co-pilot at 4CRisk.ai — scaled to 10,000+ users in production financial-services compliance.
30 → 70+
Compliance-map F1 lift
More than doubled compliance-mapping F1, with overall parsing/retrieval/ranking/generation accuracy driven past 70% (client-verified).
200%
Inference speedup
Re-architected the serving path for a 200% inference speedup — without trading away accuracy.
days → hours
Compliance review time
FedRAMP / CMMC / NIST 800-53 analyst review compressed from days to hours via context-aware RAG and control mapping.
17+
Frameworks operationalized
HIPAA, HITECH, GDPR, EU AI Act, NIST AI RMF, ISO 42001, SOC 2, FDA SaMD, ONC HTI and more — mapped to live controls in ClarisMD.
4
Regulated industries shipped in
Healthcare, financial services, aviation, and federal — production AI under real audit pressure.
02 What I help with

Three ways teams work with me

The wedge is healthcare-grade governance. The patterns — multi-tenant LLM gateways, audit-defensible evals, risk registers tied to controls, agent and RAG observability — transfer cleanly to financial services, aviation, federal, and any enterprise where AI sits in front of a regulator, a P&L, or a customer who can sue.

01

Compliance-blocked AI launches

You've built a GenAI product and legal, security, or compliance is blocking the ship. I architect the governance layer — risk register mapped to NIST AI RMF, ISO/IEC 42001 controls, HIPAA/HITECH PHI handling, EU AI Act Article 9–15 conformity — and the eval suite that lets you defend the decisions.

02

LLM systems that scale & stay safe

RAG that hallucinates in production. Agents that loop. Costs that won't predict. Evals that don't catch regressions. I redesign the system end-to-end — gateway, retrieval, prompt strategy, eval pipeline, observability — so it runs at audit-friendly scale.

03

Fractional AI architect / advisor

Pre-Series-B startup or mid-market enterprise that needs senior AI leadership without a full-time hire. I sit in your weekly architecture review, vet vendor decisions, mentor your ML/AI team, and own the AI risk posture for your board.

03 Selected work

Shipped in regulated, high-stakes environments

All client engagements anonymized to NDA scope. Outcomes verified by the engaging team.

United Airlines, via KForce · 2025–present

Enterprise LLM platform for a Fortune 100 airline

Context
A Fortune 100 airline needed audit-friendly, executive-ready automation across reporting, customer service, and finance — without leaking PII or producing inconsistent metrics in front of leadership.
Approach
Architected proxy-routed LLM layers with engineered fallbacks, deterministic formatting, and layered safety guardrails so every output stayed defensible under executive and compliance scrutiny.
System
Weekly Status Report automation (Jira analytics → S3-versioned PowerPoint templates → proxy-routed LLM producing PPTX with deterministic text fitting); customer-service smart-response (dual-summary architecture, parallel multi-model inference, real-time PII masking, prompt-injection + toxicity guardrails); invoice reconciliation (Gemini PDF→Markdown + Bedrock Claude schema extraction, LangGraph multi-agent workflow, LightRAG knowledge graph on Neptune + Milvus + Cohere Rerank, tri-database backend).
Outcome
Consistent multi-portfolio status rollups, and finance now auto-validates vendor PDF invoices against UA-computed service classifications at airport scale.
Skills
Multi-agent orchestration, Prompt engineering, LLM security, Knowledge graphs, Re-ranking, Schema extraction, Async inference, Kubernetes, Observability
KovrAI / Supertal.io · 2025

RAG for FedRAMP / CMMC compliance automation

Context
Compliance teams were spending days manually reviewing controls across FedRAMP, CMMC, and NIST 800-53.
Approach
Designed and led an enterprise RAG platform that folds control mapping and policy reasoning directly into the prompt logic, rather than treating retrieval as a bolt-on.
System
Context-aware document retrieval, automated control mapping, and LLM-driven policy recommendations across the three frameworks.
Outcome
Compliance-analyst review time on a regulated framework cut from days to hours.
Skills
Enterprise RAG, Prompt engineering, Semantic retrieval, Vector search (Milvus), Compliance reasoning, vLLM
4CRisk.ai · 2022–2025

Production RAG scaled to 10K+ users in regulated finance

Context
A regulated financial-services platform needed a conversational LLM copilot that could be trusted by compliance teams and scaled to a real user base.
Approach
Led design and oversight of ARIA Co-pilot, and built the data-versioning, experiment-tracking, and in-house LLM training / prompt-engineering frameworks that made accuracy gains repeatable rather than one-off.
System
LLM-powered conversational platform with a parsing → retrieval → ranking → generation pipeline; DVC + MLflow for data versioning and experiment tracking.
Outcome
Scaled to 10K+ users; accuracy past 70% (client-verified); compliance-map F1 lifted 30 → 70+; 200% inference speedup.
Skills
RAG at scale, LLM fine-tuning, Prompt engineering, Sentence-transformer training, T5 summarization, Semantic search & clustering, Classification, Synthetic data, MLOps (DVC · MLflow)
Xenie-AI · 2025

Multilingual voice AI for 9 Indian languages

Context
The product needed a hands-free, secure voice assistant working across 9 Indian languages, with awareness of the speaker's emotional state.
Approach
Architected an end-to-end STT→LLM→TTS pipeline and layered emotion intelligence and voice-biometric authentication on top.
System
NVIDIA NeMo and IndicF5 for the speech pipeline; multimodal emotion layer (BERT, Wav2Vec2, DeepFace); ECAPA-TDNN voice biometrics with wake-word detection.
Outcome
Hands-free, secure authentication with multilingual, emotion-aware interaction.
Skills
Speech AI (STT/TTS), Voice biometrics, Multimodal emotion, Ensemble learning, Cross-lingual RAG, Real-time audio
EONMED · 2025

Non-invasive vital-sign monitoring from smartphone video

Context
Capture clinical-grade vitals and image-based diagnostics from an ordinary smartphone, with no invasive hardware.
Approach
Built rPPG signal pipelines, medical computer-vision models, and medical-LLM services for image interpretation as deployable endpoints.
System
rPPG for heart rate, BP, SpO₂, respiratory rate, and stress; CNN / ViT / YOLOv8 for cataract grading, skin-cancer classification, and ophthalmology; FastAPI medical-LLM services for radiology, dermatology, and pathology image interpretation.
Outcome
Non-invasive vitals plus image-based diagnostics delivered through deployable medical services.
Skills
Computer vision, rPPG signal processing, Medical image classification, Explainable AI, Medical LLM, Supervised learning, XGBoost
04 The platform behind the practice

ClarisMD

clarismd.com · Self-funded, solo-built · Live in production

A healthcare AI governance platform that secures and governs enterprise interactions with OpenAI, Anthropic, Gemini, and AWS Bedrock through a unified LLM gateway. I built it because the controls my consulting clients kept asking for didn't exist as a packaged product.

What it does

  • Multi-provider LLM gateway: tenant isolation, encrypted key management, semantic caching, rate limiting, cost attribution, budget controls.
  • Healthcare-grade safety: PHI/PII detection & redaction, prompt-injection defense, toxicity validation, constitutional-AI evaluation, automated red teaming.
  • Governance for RAG & agents: hallucination detection, retrieval monitoring, agent-loop detection, memory governance, audit-ready evidence generation.
  • Controls mapped to 17+ frameworks: HIPAA, HITECH, GDPR, EU AI Act, NIST AI RMF, ISO 42001, SOC 2, FDA SaMD AI/ML, ONC HTI.
  • Enterprise infra: RBAC, MFA, audit trails, OpenTelemetry, Prometheus, Grafana, Sentry, automated CI/CD.

Why it matters for clients

ClarisMD is proof I've operationalized these frameworks end-to-end — not just read the PDFs. When you hire me to architect your governance layer, I bring the same patterns I've already shipped, debugged, and stress-tested in a production product.

05 Capabilities

The full toolkit I bring to an engagement

Governance is where I lead, but it sits on top of a decade of hands-on ML. Every technique below is one I’ve shipped in production — across agents, retrieval, classical ML, vision, and speech — not a syllabus.

Agentic AI & orchestration

Multi-agent systems, LangGraph, Tool / function calling, Agent-loop detection, Stateful memory governance, Async inference

RAG & retrieval

LightRAG, Knowledge graphs (Neptune), Vector search (Milvus), Re-ranking (Cohere), Semantic search, Cross-lingual retrieval

Prompt engineering

Schema-constrained extraction, Structured outputs, Few-shot & CoT design, Compliance reasoning prompts, Prompt evaluation & iteration

LLM safety & AI security

Prompt-injection defense, PHI / PII detection & redaction, Toxicity validation, Arthur Shield guardrails, OAuth2 · RBAC · MFA, Encrypted key management, Automated red teaming

Evaluation & observability

Hallucination detection, RAG eval pipelines, Regression eval harness, OpenTelemetry · Prometheus, Grafana · Sentry, Audit-ready evidence

LLM gateway & serving

Multi-tenant routing, Tenant isolation, Semantic caching, Cost attribution & budgets, vLLM, OpenAI · Claude · Gemini · Bedrock

Supervised learning

NER (BERT · Flair · spaCy), Sentiment (BERT · MuRIL), T5 summarization, XGBoost, Text & image classification, Ensemble methods

Unsupervised learning

Clustering, Semantic similarity, Topic modeling, AutoML (PyCaret), Synthetic data generation

Deep learning & fine-tuning

Transformers, LLM & LoRA fine-tuning, Sentence-transformer training, CNNs · ViT, PyTorch · TensorFlow

Computer vision

Medical image classification, YOLOv8 detection, rPPG signal processing, OpenCV · MediaPipe, Facial keypoints, Explainable AI

Speech & voice AI

ASR (NeMo · Wav2Vec2), TTS (IndicF5), Voice biometrics (ECAPA-TDNN), Multimodal emotion, Real-time audio

MLOps, data & cloud

DVC · MLflow, Kubernetes · Helm, CI/CD, PostgreSQL · Redis · MongoDB, PySpark · Redshift, AWS
06 Frameworks & standards I operationalize

Not just read — shipped, debugged, and audited

Healthcare

HIPAA, HITECH, FDA SaMD AI/ML, ONC HTI-1, BAA-compliant inference

AI-specific governance

EU AI Act (Art. 9–15), NIST AI RMF, ISO/IEC 42001, OECD AI Principles, Model cards, AI risk register

Privacy & general

GDPR, SOC 2 Type II, HITRUST, ISO 27001-adjacent

Government / Federal (US)

FedRAMP, CMMC, NIST 800-53

Production-AI patterns I ship

AI gateway, multi-tenant LLM routing, semantic caching, cost attribution, PHI/PII detection, prompt-injection defense, toxicity validation, constitutional AI, automated red teaming, hallucination detection, retrieval monitoring, agent-loop detection, memory governance, evals, model observability
07 Speaking & publications

Research & stage

  • ICCIT 2025 — 4th International Conference on Creative Communication and Innovative Technology (presenter).
  • IEEE: AI Analysis of Cultural Narratives Shaping Emotional Responses to Infertility · paper
  • IJAST: Analysis of Deep Learning algorithms on COVID-19 Radiography Database · code
  • IJAST: AUTHEER: A Voice-Based Speaker Authentication System · code

Available for keynotes, panels, and podcast guesting on AI governance, healthcare AI compliance, and production LLM systems.

08 Writing

Field notes from production GenAI

I write about LLM systems design, AI governance in regulated industries, and what actually breaks in production GenAI. Pieces in progress:

  • What HIPAA actually requires from your LLM gateway
  • Why your RAG eval pipeline is lying to you
  • EU AI Act Article 9 in practice for healthcare AI
09 About

AI architect, Bengaluru — working across timezones

Aman Jaiswal · AI Governance Architect · Bengaluru, IN

Six years in production AI: started as an MLE shipping NLP and computer-vision systems (US Tech Solutions, CRMNext), spent 2.5 years scaling regulated-industry RAG at 4CRisk.ai, and now run consulting engagements alongside building ClarisMD.

Most enterprise AI projects don't fail on the model — they fail on governance, eval discipline, and the boring infrastructure that makes the model trustworthy at scale. That's the part I'm good at.

Outside enterprise work, I co-founded Rigetnest Innovation Labs, advising early-stage AI product teams.

Industries shipped in

Healthcare, Financial services, Aviation, Federal (FedRAMP/CMMC), Voice & multilingual AI, Medtech, Customer service automation

Education

B.Tech, Computer Science (CGPA 8.79). Computer Vision Nanodegree (Udacity), LLMOps (Udacity), NPTEL Deep Learning I & II.

10 Contact

Let's scope your engagement

I take a small number of new engagements each quarter. The fastest path is a short email — tell me, in 4–5 lines:

  1. What you're building (or trying to ship).
  2. What's blocking you — compliance, scale, evals, hiring, vendor decision.
  3. Your timeline.
  4. Whether you need a 4-week sprint, a build engagement, or fractional advisory.

I reply within 48 hours on weekdays. If we're a fit, we'll do a 30-minute scoping call.

Get in touch

Email is the fastest way to reach me.

ai.amanjaiswal@gmail.com