Saleh Alnoamani

Experience

• 

  Deloitte

  Nov 2022 - now

  - Assessment of the information security controls against industry best practices and local standards such as ISO 27001 and NESA. - ⁠Application control reviews by analyzing the implemented security measures, configuration settings, and inventory management within an organization's software environment. - ⁠IT Governance reviews (including Governance Framework Setting and Maintenance, IT Risk Management, IT and Business Alignment, IT Service Management, Human Resource Management, Quality Management, Project and Portfolio Management) based on best practices such as COBIT. - ⁠IT Service Management reviews against ISO 20000 covering service desk management, service reporting, change, release, incident, problem and service management. - ⁠ERP reviews including Access Controls, Transaction Controls, Configuration and Preventive Controls for Fixed Assets, GL, HR, Finance modules. Key Responsibilities included discussing business requirement related to the controls and performing testing along with the IT team. - ⁠IT Vendor Management by assessing the effectiveness of IT Contract Management processes and practices including compliance and adequacy of key IT contracts which includes Governance Outsourcing Framework., Service provider management and delivery, Contractual Compliance, Cost Recovery and Regulatory implications. - ⁠Software Development Life Cycle (SDLC) review to assess the effectiveness and efficiency of the SDLC, ensuring adherence to best practices, industry standards, and compliance requirements, and to identify areas for improvement and enhance the quality of software deliverables - ⁠IT ICFR reviews based on COSO framework covering IT General controls for the various clients in UAE- IT Risk Assessment by identifying and evaluating potential threats and vulnerabilities within the IT infrastructure and the development of internal audit plan for 3-5 years based on the results of the risk assessment. Show less

  • Consultant

    Oct 2024 - now

  • Business Analyst - Cyber & Strategic Risk Advisory

    Aug 2023 - Oct 2024

  • Intern - Risk Advisory

    Nov 2022 - Jul 2023