Profile: Salomon Frangieh, Brown's New IT Auditor
Salomon Frangieh joined Brown University as its Associate University Auditor, Information Technology this past February.
In his capacity as Brown's new IT Auditor, Frangieh is responsible for the creation and development of an information systems audit program for the University. He will be involved in a continual risk assessment process, evaluating and making recommendations regarding the adequacy of the internal controls inherent in the University's information systems and the effectiveness of the associated risk management. Prior to Brown, Frangieh worked at KPMG LLP's Boston office in their IT Advisory Services practice.
Q. What drew you to Brown?
A. I was always attracted to the environment at colleges and universities and fascinated by the energy and passion of faculty, staff and students have. Brown's solid reputation and the feedback I heard from Brown staff made me more attracted to work at Brown and I quickly became a proud member of the Brown family.
Q. How is working at Brown different from or the same as previous work experiences?
A. As a higher ed institution, Brown is very different from the way financial institutions are structured and function. It's less formal here and I like that; it makes it easier to operate and navigate. In a nutshell, it's much more fun to work here.
Q. What have you been working on since coming to Brown?
A. I spent the first 30 days meeting various key players on campus whether at CIS or other departments. The objective was to learn about their job responsibilities and about the challenges and issues they are facing from an IT perspective. I also took the opportunity to introduce myself and my plans. Immediately after that, I developed the IT Audit Universe (i.e. the areas I will be reviewing) based upon the information I gathered from those meetings and based upon industry practices. I also took into consideration the laws and regulations applicable to higher education while developing the IT audit universe. I also started a review for Personally Identifiable Information (PII) for selected areas in March, and it's well underway now. I am now gearing up for a systems access review for the network domains and key applications. More to come soon.
Q. What are your main goals for the coming year?
A. My main goals for the coming year are to execute as many IT Audit reviews for high risk areas and tackle any special projects along the way as needed. Things come up every now and then so I have to adjust my schedule and plans accordingly to accommodate these special projects, since some of them may be urgent in nature and require my immediate attention.
Q. You will be working closely with the Chief Information Security Officer. How does your job differ from and complement that of the CISO's?
A. Absolutely! As a matter of fact, David and I started working together on the first day I joined on a security related matter. I believe it was my welcoming gift! David and I meet regularly and we are teaming up on a few initiatives related to security, privacy and risk assessment. David's role and mine are similar in the sense that we both want to help the University manage its risk and highlight any areas of exposure. The difference is that David can design controls and processes, whereas I can only recommend so as to prevent any conflict of interest, because I can't audit a control or a process I designed and implemented.
Q. Did you always want to grow up and be an IT Auditor?
A. Not really, I never thought I would become an IT Auditor. My background is in IT operations, systems implementations and systems security. I was approached by one of the financial institutions a long time ago to help develop their IT Audit Group. It took me a few weeks to decide to "jump the fence" and I finally did because I liked the challenge of learning something new. It was a smooth transition and not as bad as I first imagined because I was very familiar with the security concepts and I quickly caught on the IT Audit methodologies, principles and practices.
Q. What keeps you busy when you're not at Brown?
A. I try to play tennis at least once or twice a week. I like to spend time with family and friends. I consider myself a gourmet. I like my food and wine and I go about trying different restaurants with different cuisines so I eat out a lot. I have to say that there are fabulous restaurants in the Providence area. I am a big movies fan so I try to watch as many as I can, time allowing. I also try to stay up to date on local and international news by reading different magazines and online articles. I have to confess that I do like shopping, believe it or not.
Q. What's your favorite spot in Rhode Island for hanging out on a summer day?
A. Newport is one of my favorite spots in the summer time. It has a lot of character and a lot to offer.
Q. Anything else you'd like to add?
A. Yes, I am very happy I joined Brown and I hope to be here for years to come.
Problems with this page? Write to secureit@brown.edu