Information System Security Risk Analyst FINMAP III Jobs – Ministry of Finance, Planning and Economic Development (MOFPED)

Organisation: Ministry
of Finance, Planning and Economic Development (MOFPED)
Project Name: The Third
Financial Management and Accountability Programme (FINMAP III)
Duty Station: Kampala,
Uganda
Reports to: Project
Manager/IPPS
About US:
The Government of Uganda (GOU)
has been implementing Public Service Reform Programmes aimed at improving
efficiency, effectiveness and accountability in delivery of public services.
Some of the reform initiatives included strengthening the human resource
management function by enhancing the establishment and payroll control through
implementation of an Integrated Personnel and Payroll System (IPPS).
The Government of Uganda is
implementing Public Financial Management (PFM) reforms through the Third
Financial Management and Accountability Programme (FINMAP III) with the primary
purpose to strengthen Public Financial Management (PFM) at all levels of
government and ensure efficient, effective and accountable use of public
resources as a basis for improved service delivery. The programme is supported
by Development Partners including DFID, Norway, EU, KFW, and DANIDA. The
overall objective of FINMAP is derived from the GoU PFM reform strategy for the
period from July 2014 to June 2019.
Job Summary: The Information
System Security Risk Analyst – Human Capital Management will provide project
risk management support to Ministry of Public Service (MoPS) in areas of information
system security analysis, evaluating the risk exposure, identifying risks,
planning and developing suitable responses to mitigate or avert possible risks
and/or threats to the implementation of the new Human Capital Management System
project.
Key Duties and Responsibilities:  
The Risk Analyst will be
required to perform the following duties and responsibilities:
  • Evaluate and review internal controls of
    the existing information systems and related ICT infrastructure and advise
    on the information system security to guide transition to the new HCM.
  • Develop and monitor implementation of
    information security policies, procedures, controls and technical systems
    in order to maintain the confidentiality, integrity, and availability of
    the HCM system.
  • Carry out information security risk
    assessments to ensure appropriate information security and business
    continuity controls exist including identifying, describing, analysing and
    estimating the risks.
  • Identify and evaluate technology risks,
    mitigating controls, and opportunities for control improvement.
  • Establish Standard Operating Procedures
    (SOPs)/criteria for proper management of HCM risks.
  • Provide technical support in
    organizational risk reporting across project strategic, tactical and
    operational levels and across key stakeholders.
  • Build staff capacity in risk awareness,
    analysis and management.
  • Keenly monitor systems, identify and
    report violations of risk limits/controls.
  • Evaluate the effectiveness of organizational
    controls, perform risk analysis and management activities and develop
    appropriate mitigation plans.
  • Identify necessary enhancements for
    organizational business processes and policies to prevent operational
    project risks.
  • Undertake audits of organizational
    policies relating the HCM project and ensure compliance with National
    standards, legislations and frameworks.
  • Carry out self-assessments of the HCM
    information security management system to ensure the effective
    implementation of and compliance with the National Information Security Framework.
  • Develop and maintain an up-to-date risk
    register for the HCM.
  • Review and enhance existing risk
    modelling techniques.
  • Perform procedures and assessments
    necessary to ensure the safety of information assets.
  • Undertake continuous risk based system
    audits in accordance with the annual work plans.
  • Conduct operational, compliance and
    investigative assessments.
  • Ensure that a complete and cross
    referenced audit engagement plan is maintained for every audit engagement.
  • Keenly monitor the HCM and supporting
    infrastructure through adequate audit logging, scanning, and monitoring
    processes.
  • Provide risk and control advisory to the
    Ministry on pre and post implementation system development and
    enhancements.
  • Conduct general and application control
    reviews for computer information systems and databases in respect to
    development standards, operating procedures, system security, programming
    controls, communication controls, backup and disaster recovery, and system
    maintenance.
  • Monitor the resolution of all incidents
    and incident handling and escalation procedures to ensure effective
    incident resolution.
  • Champion data mining and analytics use
    and capability development within the team.
  • Keenly monitor developments in ICT risk
    management and audit approaches in the industry, assess viability and
    recommend actions for implementation and improvement.
  • Any other duties as may be assigned from
    time to time.
Key Performance Indicators:
  • Evaluation report on system security and
    internal controls of the existing information systems and related ICT
    infrastructure.
  • Guidelines on the required information
    system security to support transition to the new HCM.
  • Information system security and controls
    policy developed.
  • Audit engagement plan developed and
    maintained for every audit engagement.
  • Information System security audit
    reports provided quarterly.
  • Documentation and dissemination of
    Standard Operating Procedures (SOPs)
  • Strategy and plan for staff capacity
    building in risk awareness, analysis and management developed.
  • Risk management strategy for HCM
    developed and an up-to-date risk register maintained.
  • Quarterly and Annual Performance
    reports.


Qualifications, Skills and Experience:
  • The Information System Security Risk
    Analyst – Human Capital Management must hold a Bachelor’s degree in
    Computer Science, Information Technology, Information Science, Information
    Systems, Information Security or a related field from a recognized
    university.
  • Professional qualification in IT
    Industry Certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 or ISO
    31000.
  • Possession of PMP, Prince2, of ITIL will
    be an added advantage.
  • At least four (4) years working
    experience in Risk Management or Information Security Management
    Information Systems Audit or ICT Audit consulting or a related field with
    two (2) years at a supervisory level.
  • Previous experience in Governance Risk
    and Compliance tools as well as mechanisms.
  • Experience in Oracle databases, networks
    and systems management and implementation of ICT projects.
  • Working knowledge of National
    information risk management frameworks and standards.
  • Broad knowledge of Information System
    Security.
  • Demonstrable interest in information
    security and IT audit developments.
  • Knowledge of Risk Management.
  • Excellent analytical and problem solving
    skills.
  • Excellent communication an interpersonal
    skill across strategic, tactical and operational levels.
  • Stakeholder Management skill.
  • Flexibility, persistence and willingness
    to work on a variety of activities/tasks.
  • Logical and objective attention to
    detail, analytical abilities and the ability to recognize trends in data.
  • A proactive approach with the confidence
    to make decisions.
  • A methodical and well-organized approach
    to work.
  • The ability to work under pressure and
    meet deadlines.
  • Confidentiality of Government
    information.
  • Knowledge of Government procedure,
    processes and operations.
How to Apply:
All candidates should send
their applications, updated CVs and copies of academic certificates should be
addressed and submitted to the address below. Envelopes should have clear
reference to the job applied for. Send to:
The Programme Coordinator,
The Third Financial Management
and Accountability Programme (FINMAP III),
Ministry of Finance, Planning
& Economic Development Finance Building; 3rd Floor, Room 3.4 Plot 2/12
Apollo Kaggwa Road P 0 Box 8147, Kampala. Uganda.
Email to: finmap@finance.go.ug
Deadline: 7th May 2018 by 5:00pm
For more of the latest jobs,
please visit http://www.theugandanjobline.com or
find us on our Facebook page https://www.facebook.com/UgandanJobline

Leave a Reply

Your email address will not be published. Required fields are marked *