Job Title: Information System Security Risk Analyst – Human Capital Management
Organisation: Ministry of Finance, Planning and Economic Development (MOFPED)
Project Name: The Third Financial Management and Accountability Programme (FINMAP III)
Duty Station: Kampala, Uganda
Reports to: Project Manager/IPPS
The Government of Uganda (GOU) has been implementing Public Service Reform Programmes aimed at improving efficiency, effectiveness and accountability in delivery of public services. Some of the reform initiatives included strengthening the human resource management function by enhancing the establishment and payroll control through implementation of an Integrated Personnel and Payroll System (IPPS).
The Government of Uganda is implementing Public Financial Management (PFM) reforms through the Third Financial Management and Accountability Programme (FINMAP III) with the primary purpose to strengthen Public Financial Management (PFM) at all levels of government and ensure efficient, effective and accountable use of public resources as a basis for improved service delivery. The programme is supported by Development Partners including DFID, Norway, EU, KFW, and DANIDA. The overall objective of FINMAP is derived from the GoU PFM reform strategy for the period from July 2014 to June 2019.
Job Summary: The Information System Security Risk Analyst – Human Capital Management will provide project risk management support to Ministry of Public Service (MoPS) in areas of information system security analysis, evaluating the risk exposure, identifying risks, planning and developing suitable responses to mitigate or avert possible risks and/or threats to the implementation of the new Human Capital Management System project.
Key Duties and Responsibilities
The Risk Analyst will be required to perform the following duties and responsibilities:
- Evaluate and review internal controls of the existing information systems and related ICT infrastructure and advise on the information system security to guide transition to the new HCM.
- Develop and monitor implementation of information security policies, procedures, controls and technical systems in order to maintain the confidentiality, integrity, and availability of the HCM system.
- Carry out information security risk assessments to ensure appropriate information security and business continuity controls exist including identifying, describing, analysing and estimating the risks.
- Identify and evaluate technology risks, mitigating controls, and opportunities for control improvement.
- Establish Standard Operating Procedures (SOPs)/criteria for proper management of HCM risks.
- Provide technical support in organizational risk reporting across project strategic, tactical and operational levels and across key stakeholders.
- Build staff capacity in risk awareness, analysis and management.
- Keenly monitor systems, identify and report violations of risk limits/controls.
- Evaluate the effectiveness of organizational controls, perform risk analysis and management activities and develop appropriate mitigation plans.
- Identify necessary enhancements for organizational business processes and policies to prevent operational project risks.
- Undertake audits of organizational policies relating the HCM project and ensure compliance with National standards, legislations and frameworks.
- Carry out self-assessments of the HCM information security management system to ensure the effective implementation of and compliance with the National Information Security Framework.
- Develop and maintain an up-to-date risk register for the HCM.
- Review and enhance existing risk modelling techniques.
- Perform procedures and assessments necessary to ensure the safety of information assets.
- Undertake continuous risk based system audits in accordance with the annual work plans.
- Conduct operational, compliance and investigative assessments.
- Ensure that a complete and cross referenced audit engagement plan is maintained for every audit engagement.
- Keenly monitor the HCM and supporting infrastructure through adequate audit logging, scanning, and monitoring processes.
- Provide risk and control advisory to the Ministry on pre and post implementation system development and enhancements.
- Conduct general and application control reviews for computer information systems and databases in respect to development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
- Monitor the resolution of all incidents and incident handling and escalation procedures to ensure effective incident resolution.
- Champion data mining and analytics use and capability development within the team.
- Keenly monitor developments in ICT risk management and audit approaches in the industry, assess viability and recommend actions for implementation and improvement.
- Any other duties as may be assigned from time to time.
Key Performance Indicators:
- Evaluation report on system security and internal controls of the existing information systems and related ICT infrastructure.
- Guidelines on the required information system security to support transition to the new HCM.
- Information system security and controls policy developed.
- Audit engagement plan developed and maintained for every audit engagement.
- Information System security audit reports provided quarterly.
- Documentation and dissemination of Standard Operating Procedures (SOPs)
- Strategy and plan for staff capacity building in risk awareness, analysis and management developed.
- Risk management strategy for HCM developed and an up-to-date risk register maintained.
- Quarterly and Annual Performance reports.
Qualifications, Skills and Experience:
- The Information System Security Risk Analyst – Human Capital Management must hold a Bachelor’s degree in Computer Science, Information Technology, Information Science, Information Systems, Information Security or a related field from a recognized university.
- Professional qualification in IT Industry Certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 or ISO 31000.
- Possession of PMP, Prince2, of ITIL will be an added advantage.
- At least four (4) years working experience in Risk Management or Information Security Management Information Systems Audit or ICT Audit consulting or a related field with two (2) years at a supervisory level.
- Previous experience in Governance Risk and Compliance tools as well as mechanisms.
- Experience in Oracle databases, networks and systems management and implementation of ICT projects.
- Working knowledge of National information risk management frameworks and standards.
- Broad knowledge of Information System Security.
- Demonstrable interest in information security and IT audit developments.
- Knowledge of Risk Management.
- Excellent analytical and problem solving skills.
- Excellent communication an interpersonal skill across strategic, tactical and operational levels.
- Stakeholder Management skill.
- Flexibility, persistence and willingness to work on a variety of activities/tasks.
- Logical and objective attention to detail, analytical abilities and the ability to recognize trends in data.
- A proactive approach with the confidence to make decisions.
- A methodical and well-organized approach to work.
- The ability to work under pressure and meet deadlines.
- Confidentiality of Government information.
- Knowledge of Government procedure, processes and operations.
How to Apply:
All candidates should send their applications, updated CVs and copies of academic certificates should be addressed and submitted to the address below. Envelopes should have clear reference to the job applied for. Send to:
The Programme Coordinator,
The Third Financial Management and Accountability Programme (FINMAP III),
Ministry of Finance, Planning & Economic Development Finance Building; 3rd Floor, Room 3.4 Plot 2/12 Apollo Kaggwa Road P 0 Box 8147, Kampala, Uganda.
Email to: [email protected]
Deadline: 7th May 2018 by 5:00pm