PROFESSIONAL EXPERIENCE

Noah is a Director in the IT Internal Audit practice of Protiviti’s New York Office. Noah focuses on leading internal audits, IT SOX compliance, and outsourced arrangements working with organizations, both domestic and international, across the technology and financial services sectors. Prior to joining Protiviti, Noah managed Service Organization Control (“SOC”) audits over processes related to financial reporting and the Trust Services Criteria.

Most recently, Noah led a global High-Tech company in the Financial Services Industry with an OCC Consent Order and multiple MRA/MRIAs in place through establishment of an Internal Audit department, codification of internal audit policies and procedures, performing IT audit risk assessments, defining IT risk/audit universe, preparing annual IT audit plans, developing work-programs and test procedures, and managing execution of multiple IT audits. Through these activities, the regulatory consent order was lifted and their internal audit department and capabilities were transformed from start-up to a well-respected part of the organization.

Noah is a thought leader in the firm for preparing organizations for SOC reports, and authored a Protiviti white paper called “On the Road to SOC 2 Readiness – What Service Organizations Need to Know”. Additionally, Noah remains well versed in the FFIEC IT examination handbooks, cybersecurity frameworks, and a variety of regulatory/external audit requirements that have implications on the IT Audit discipline.

Technical areas include: cloud computing (SaaS/IaaS/PaaS), cyber security, application/infrastructure development, change management, data center operations, security administration, disaster recovery, data classification, logging/monitoring, patch management, data loss prevention, end of life, network and various platforms.

MAJOR PROJECTS

• Lead global risk assessment for Financial Technology organization across 15 countries and multiple office locations. Developed risk universe, mapped risks to COSO and CoBIT frameworks, conducted employee interviews across globe, identified audit areas based on inherent and residual risk, and assigned risk ratings to develop three year audit plan.
• Participated in a variety of IT audit related engagements evaluating and assisting technology organizations in designing and implementing effective internal controls. Documented and tested IT controls, interviewed business unit process owners, deliverables and milestones, and supervised consultants.
• Supported the evaluation and improvement planning for IT compliance across multiple business units, including: conducting interviews with key stakeholder, reviewing results of internally completed assessments, assessing current state of compliance with corporate standards, identifying gaps between control standards and supporting processes, analyzing information security standards and controls, identifying opportunities for consolidation and simplification of existing standards, and developing detailed action plans for closing gaps identified and satisfying each control standard.