MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE


IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST

1.0 Background

Government of Uganda (GoU), through the Ministry of Finance, Planning and Economic Development (MoFPED), has been implementing public financial management reforms in order to improve efficiency, transparency and accountability in the management of public resources as well as facilitate the standardization of accounting and reporting frameworks. These reforms have, amongst others, involved implementation of computerized financial management systems in Ministries, Agencies, and Local Governments (MALGs). The implementation of these new systems is being undertaken in a phased manner and separate systems are being rolled out depending on the specific requirements of the government agency/sector.

MoFPED has twin Datacenters connected to the MoFPED LAN, and over serial WAN links to MALGs. One of the Datacenters provides failover services.

The key computerized financial management systems being used/implemented in government include:

1. The Oracle based Integrated Financial Management System (IFMS), which has been implemented mainly in central government votes. This system comprises an Oracle Financials E-Business suite application (Oracle R12i Treasury Solution) and Oracle 11g database hosted on HPUX 3.2. Implementation of this system started in 2003 and the application has so far been extended to 89 MALGs. System architecture comprises decentralized data capture over a WAN with centralized data processing and storage at MoFPED Datacenters.
2. The midrange Integrated Financial Management System (IFMS2), which is being implemented in local government votes. Implementation has so far covered 26 local governments with plans to extend it to another 33 LGs in the financial year 2014/15. This system is built on a distributed topology with periodic synchronization on a central platform at MoFPED Datacenters. The technologies used are Microsoft Dynamics Navision 2009 and Microsoft SQL 2008 Enterprise on Windows Server 2008 R2 Enterprise.
3. The Microsoft Dynamics Navision 2009 financial management system used by the 33 Foreign Missions. The system is built on a distributed topology, with manual periodic consolidation.
4. The Computerized Education Management and Accounting System (CEMAS), due to be implemented in Public Universities and Self-Accounting Tertiary Institutions. This will be on Microsoft Dynamics GP 2013 with CRM and Students, Academics and Human Resource Management functions.

The systems have several operational or planned interfaces, including those with Bank of Uganda, Uganda Revenue Authority, Uganda National Examinations Board, the Integrated Personnel & Payroll System, commercial financial services providers, etc. PFM functions and services are also dependent on auxiliary systems that provide, among others, support for communication, collaboration and reporting. These systems include mail exchangers and alert generators. Some of the support systems are critical for service delivery and information sharing tasks, e.g., user support and education; as well as for core business functions, e.g., authorisation and/or confirmation of EFT transactions. The auxiliary systems are centrally hosted at MoFPED Datacenters, and include IT operations and cyber security monitoring and administration tools.

Due to the expanding roll-out of the computerised financial management systems across government, the specialised nature of IT systems security processes, and considering the complexity and extended nature of government financial management operations, there is added need for strengthening the management over the computerised financial management systems. MoFPED now seeks to recruit an IT Systems Security Compliance and Quality Assurance Specialist, with the consultant having significant responsibilities related to IT Systems Risk Management and Security Compliance.

2.0 Objective of the assignment

To support the Accountant General's Office in review, development, oversight, monitoring and leadership of capacity building efforts for IFMS security management and quality assurance processes. In particular, the consultant will continuously appraise systems security set-ups for the applications and related infrastructure and advise management and other IT technical leads on required security enhancements and overall IT systems risk management measures.

3.0 Detailed assignment description

The IT Compliance and Quality Assurance Specialist will be responsible for supporting the establishment of an IT systems compliance unit and for reviewing, developing, and monitoring the Compliance and Quality Assurance regime for all computerized systems, but with focus on the Oracle R12 E-Business Suite and Oracle 11g Database, and its supporting infrastructure.

We are seeking a seasoned IT Compliance and Quality Assurance professional with in-depth experience of working with integrated financial management systems, especially the Oracle e-Business Suite Applications R12 and related/supporting technologies.

The Consultant will have responsibility for developing the strategy, delivery and operational monitoring of all IT financial management systems compliance and quality assurance monitoring activities. Tasks will include compilation and classification of financial management information assets; identification of threats and analyzing of risks to these assets; undertaking system vulnerability assessments; ensuring auditability of the system; providing secure system baselines; developing, implementing and testing security system design; determining, analyzing and deciphering security requirements; assisting with audit activities related to PCI/security compliance; monitoring system security controls; implementing automation, alerts and correlation with regard to system security events; developing and promoting the security strategy for protecting financial information assets and integrating it with the wider security strategy.

Specifically, the consultant will be required to perform the following duties:

1. Provide technical security expertise and guidance to the architecture, network and application teams.
2. Support the establishment of an IT Systems compliance unit in the Accountant General's Office.
3. Act as the advisor to IT and department functional operations teams on all enterprise IT Security initiatives.
4. Support the execution of information security risk assessments along with internal and external auditors (OAG) for security and compliance issues.
5. Report on the levels of IT compliance-related risks to appropriate levels of management, following up to ensure that such risks are appropriately managed.
6. Lead the development, auditing and enforcement of IT Security Policies, Standards/Procedures for AGO managed systems and identify/advise on opportunities for improvement.
7. Lead IT Technical staff in evaluating, selecting, installing and testing security hardware and software.
8. Plan and implement information assets classification, threat and risk analysis and mitigation measures.
9. Provide constraints covering - among others - standards and procedures to be used as templates in specification and procurement, and inspection and testing of IT/IS systems.
10. Lead the efforts for certification of IT based financial management systems to international standards in quality operations management, e.g. ISO 9000, 27001.
11. Review business requirements, functional specifications, and test cases to understand the functional and technical requirements of IT systems in order to test the application and verify those requirements are successfully met.
12. Ensure compliance with standards of the software development life cycle and follow strategies, plans and procedures within the development methodologies.
13. Provide and implement sets of minimum best practices, and verify implementation of all approved audit recommendations, e.g., segregation of duties, password rules, etc.
14. Manage performance & load testing, documentation, and bug triage with multiple business partners.
15. Review, develop and implement security policies that will be adapted in granting users access to the application, databases and operating system platform.

In respect of the Oracle based IFMS, the consultant is expected to fulfil the following duties:

1. Review, test and deploy the database and security updates issued by Oracle.
2. Generate and analyze security reports and logs, and make recommendations where appropriate.
3. Periodically monitor, review and make recommendations for the accessibility control for the application, databases and operating system platform setups.
4. Oversee the definition, coordination and assignment of user security and application responsibilities subject to the principle of segregation of duties.
5. Ensure data confidentiality and privacy policies are adhered to in the test, training, development and production environments. Review all database and application patch updates before deployment into the production environment.
6. Review the backup and recovery procedures in place and make recommendations.
7. Review the change control process and make recommendations.
8. Review and monitor the audit trails at both database and application levels.
9. Act as the subject matter expert supporting the Oracle EBS Security System Administration.
10. On a periodic basis, review existing application user roles, role hierarchies and policies related to user role access and make recommendations.
11. Secure baseline configuration items (databases, applications, OS) from unauthorized changes through monitoring attempts and alerts.
12. Periodically review the database, application and operating system environment, including interfaces, and recommend the necessary security tools.

4.0 Reporting Arrangements

The consultant will functionally report to the Accountant General through the Commissioner Financial Management Services. The Consultant will work closely with the other IT Technical leads (Applications, Databases, Networks and OS), departmental heads, resident application support consultants and business users to ensure a robust, scalable and secure system operating in an appropriate risk management framework.

The consultant will be required to prepare the following reports:

1. Assignment inception report
2. Monthly/Quarterly performance reports
3. Annual performance reports
4. An end of assignment report within two weeks after completion of the activities in the work plan or completion of the contract, whichever comes first.

5.0 Key deliverables

1. Updated IT systems security policies and manuals
2. Adequate IT systems business continuity arrangements
3. Sound security practices for the IT Financial Management Systems and implementation of agreed key recommendations from security reviews
4. IT Systems Security Risk assessment reports and strategies for mitigation
5. Verifiably reduced vulnerability for the IT financial management systems
6. ISO certification for IT Systems and sound quality assurance measures for the development and usage processes of the IT financial management system
7. An IT Systems Compliance Unit
8. Information Assets Classification and Risk Report
9. Essential cyber security procedures, including Incident Response Procedure

9.0 Duration

The assignment contract will be for two years, renewable based on need and upon satisfactory performance.

7.0 Office tools and equipment

Government will provide office space and facilities for the performance of the duties under this consultancy.

8.0 Qualification requirements

1. An advanced degree in Information Technology, Computer Sciences or an equivalent professional certification.
2. Minimum of 8 years working experience in a computer related field, with at least 4 years directly served in information security and IT Compliance/audit, including knowledge and skills in examining, evaluating and testing complex business IT processes and related controls.
3. Professional certification in audit or security review for IT systems, such as CISA or CISSP certification, is a requirement.
4. Experience with enterprise application architectures including ERP and CRM.
5. Experience in Oracle e-Business Suite Release R12. Oracle certified professional is a requirement.
6. Familiarity with Microsoft Operations Framework 4 (MOF4) is a requirement.
7. Knowledge and experience of using Oracle database monitoring tools/utilities and grid control packs (Diagnostics, Tuning, Provisioning, Data masking, change control, configuration management etc.), and Microsoft SQL.
8. Experience in formulating policy and developing/implementing new strategies and procedures.
9. Expertise with Microsoft Dynamics will be an added advantage.
10. Demonstrated experience in leadership of a multi-skilled team.
11. Good report writing and communication skills, including ability to read, analyze and interpret technical journals, financial reports and legal documents.
12. Sound integrity and the ability to maintain a high level of confidentiality.

Uganda s IFMS project has been SUMMARY CHARACTERISTICS OF THE IFMS AND ITS ROLE IN SUPPORTING THE BUDGET PROCESS

Uganda s IFMS project has been SUMMARY CHARACTERISTICS OF THE IFMS AND ITS ROLE IN SUPPORTING THE BUDGET PROCESS COUNTRY LEARNING NOTES Uganda: implementing an Integrated Financial Management System and the automation of the budget process Lawrence Semakula & Robert Muwanga * July 2012 SUMMARY The Implementation

More information

Audit Compliance and Internal Audit Analysis for Dynamics

Audit Compliance and Internal Audit Analysis for Dynamics Fastpath Audit Compliance and Internal Audit Analysis for Dynamics: Better Audit Results with a Reliable, Repeatable Process using Fastpath Fastpath 11107 Aurora Ave. Urbandale, IA 50322 (515) 276-1779

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

Utica College. Information Security Plan

Utica College. Information Security Plan Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles

More information

1.0 BACKGROUND 2.0 OBJECTIVE OF ASSIGNMENT

1.0 BACKGROUND 2.0 OBJECTIVE OF ASSIGNMENT TERMS OF REFERENCE FOR IFMIS PROJECT MANAGER AT THE PUBLIC FINANCIAL MANAGEMENT IMPROVEMENT AND CONSOLIDATION PROJECT, MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT 1.0 BACKGROUND 1.1 The Public Financial

More information

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015 SAP Secure Operations Map SAP Active Global Support Security Services May 2015 SAP Secure Operations Map Security Compliance Security Governance Audit Cloud Security Emergency Concept Secure Operation

More information

Governance, Risk & Compliance for Public Sector

Governance, Risk & Compliance for Public Sector Governance, Risk & Compliance for Public Sector Steve Hagner EMEA GRC Solution Sales From egovernment to Oracle igovernment Increase Efficiency and Transparency Oracle igovernment

More information

OCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION:

OCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION: OCCUPATIONAL GROUP: Information Technology CLASS FAMILY: Security CLASS FAMILY DESCRIPTION: This family of positions provides security and monitoring for the transmission of information in voice, data,

More information

Duration: One year with the option of an additional year based on performance.

Duration: One year with the option of an additional year based on performance. Position: Adviser to the Internal Audit Unit Objectives: A person to support the newly established Internal audit unit to transform it from its infancy stage to a unit that is a trusted adviser, and more

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Oracle RAC Services Appendix

Oracle RAC Services Appendix 1 Overview Oracle RAC Services Appendix As usage of the Blackboard Academic Suite grows and the system reaches a mission critical level, customers must evaluate the overall effectiveness, stability and

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Oracle Database Security

Oracle Database Security Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches

More information

Guide for the Role and Responsibilities of an Information Security Officer Within State Government

Guide for the Role and Responsibilities of an Information Security Officer Within State Government Guide for the Role and Responsibilities of an Information Security Officer Within State Government Table of Contents Introduction 3 The ISO in State Government 4 Successful ISOs Necessary Skills and Abilities

More information

Functional Area 3. Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011)

Functional Area 3. Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011) Functional Area 3 Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011) Description: Supervises activities of all applications systems analysis and programming

More information

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT. The Third Financial Management and Accountability Programme (FINMAP III)

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT. The Third Financial Management and Accountability Programme (FINMAP III) The Republic of Uganda MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT The Third Financial Management and Accountability Programme (FINMAP III) Request for Expression of Interest For CASH MANAGEMENT

More information

Complete Database Security. Thomas Kyte http://asktom.oracle.com/

Complete Database Security. Thomas Kyte http://asktom.oracle.com/ Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division AUDIT OF IT SECURITY Corporate Internal Audit Division Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada September 20, 2012 Corporate

More information

Provisions and Guidelines for Information Security Management. Dhr. C. Walters

Provisions and Guidelines for Information Security Management. Dhr. C. Walters Provisions and Guidelines for Information Security Management Dhr. C. Walters 1 Why impose rules for Information Security Management? Supervised institutions have been requesting rules; Rules promotes

More information

SUBMITTED TO: NORFOLK AND SUFFOLK COLLABORATION PANEL - 3 SEPTEMBER 2014 ERP (ENTERPRISE RESOURCE PLANNING) PROJECT UPDATE

SUBMITTED TO: NORFOLK AND SUFFOLK COLLABORATION PANEL - 3 SEPTEMBER 2014 ERP (ENTERPRISE RESOURCE PLANNING) PROJECT UPDATE ORIGINATOR: CHIEF CONSTABLE PAPER NO: NS14/18 SUBMITTED TO: NORFOLK AND SUFFOLK COLLABORATION PANEL - 3 SEPTEMBER 2014 SUBJECT: ERP (ENTERPRISE RESOURCE PLANNING) PROJECT UPDATE SUMMARY: 1. The Collaboration

More information

RFP Attachment C Classifications

RFP Attachment C Classifications RFP 1. Applications IT Architect Analyzes and designs the architecture for software applications and enhancements, including the appropriate application of frameworks and design patterns and the interrelationships

More information

General Computer Controls

General Computer Controls 1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems

More information

Current Vacancies. UK & South Africa. This document contains both Permanent & Contract roles.

Current Vacancies. UK & South Africa. This document contains both Permanent & Contract roles. Current Vacancies UK & South Africa This document contains both Permanent & Contract roles. To apply for any of the roles please email your CV and covering letter: Email: resourcing@ecs.co.uk Or call our

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Kovaion Data Masking Solution

Kovaion Data Masking Solution Kovaion Data Masking Solution Date Email Website : Apr-2016 : info@kovaion.com : www.kovaion.com Kovaion Consulting DATA MASKING SOLUTION OVERVIEW Obfuscation of Sensitive Data Prevent data theft from

More information

Directorate of Information Technology. 1. Position: Helpdesk Support Officers (2) Senior Computer Operations Officer Service desk.

Directorate of Information Technology. 1. Position: Helpdesk Support Officers (2) Senior Computer Operations Officer Service desk. The National Social Security Fund (NSSF) which is the leading provider of social security services in Tanzania is hereby inviting applications from suitably qualified, dynamic and motivated Tanzanians

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

BSM for IT Governance, Risk and Compliance: NERC CIP

BSM for IT Governance, Risk and Compliance: NERC CIP BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................

More information

Terms of Reference for an IT Audit of

Terms of Reference for an IT Audit of National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor

More information

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Change Management Programme SCP.06.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the change management programme... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 4 2.1 Certification frequency...

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

PAAS Public Sector Managed Services

PAAS Public Sector Managed Services Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents

More information

Information Shield Solution Matrix for CIP Security Standards

Information Shield Solution Matrix for CIP Security Standards Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability

More information

Server Management-Scans & Patches

Server Management-Scans & Patches THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Server Management-Scans & Patches Report No. 14-11 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West

More information

SERVICE DEFINITION. G-Cloud 7 MANAGED SERVER. Classification: Open

SERVICE DEFINITION. G-Cloud 7 MANAGED SERVER. Classification: Open SERVICE DEFINITION G-Cloud 7 MANAGED SERVER Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this material

More information

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) Consultant - Enterprise Systems & Applications 1. Reporting Function. The Applications Consultant reports directly to the CIO 2. Qualification and Experience

More information

Best Practices Report

Best Practices Report Overview As an IT leader within your organization, you face new challenges every day from managing user requirements and operational needs to the burden of IT Compliance. Developing a strong IT general

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

Information and Communication Technology. Patch Management Policy

Information and Communication Technology. Patch Management Policy BELA-BELA LOCAL MUNICIPALITY - - Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 - BELA-BELA 0480 - Tel: 014 736 8000 Fax: 014 736 3288 - Website: www.belabela.gov.za - - OFFICE OF THE MUNICIPAL

More information

Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm)

Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm) Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm) a. Background: 1. The GoB in accordance with its Public Financial Management (PFM) Strategy & Vision and Medium

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Seguridad en profundidad Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts Agenda Los Controles ISO 27001 Defensa en Profundidad Productos que dan respuesta Roadmap a seguridad Q&A 3

More information

Current Vacancies. UK & South Africa. This document contains both Permanent & Contract roles.

Current Vacancies. UK & South Africa. This document contains both Permanent & Contract roles. Current Vacancies UK & South Africa This document contains both Permanent & Contract roles. To apply for any of the roles please email your CV and covering letter: Email: resourcing@ecs.co.uk Or call our

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Management Packs for Database

Management Packs for Database Management Packs for Database Diagnostics Pack for Database Oracle Diagnostics Pack for Database offers a complete, cost-effective, and easy to use solution for managing the performance of Oracle Database

More information

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION TITLE GRADE EEO-4 CODE MASTER IT PROFESSIONAL II 43 B 7.909 SERIES CONCEPT Master Information Technology

More information

State of Oregon. State of Oregon 1

State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

Cisco Security Optimization Service

Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

United States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment

United States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment CGFS/DCFO/GFMS 1. Contact Information Privacy Impact Assessment (PIA) Department of State Privacy Coordinator

FAIR Act Inventory Functions and Service Contract Inventory Product Service Codes Crosswalk Attachment I

Product Service Code (PSC) Recommended PSC Definition FAIR Function Codes and Definitions 1 B510 Study/Environmental Assessments - Organized, analytical assessments/evaluations in support of policy development,

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE

Chief Information Officer

Security manager Job description Job title Security manager Location Wellington Group Organisation Development Business unit / team IT Solutions Grade and salary range Pay Group 1, Pay Band 6 Reports to

Appendix A-2 Generic Job Titles for respective categories

Appendix A-2 for respective categories A2.1 Job Category Software Engineering/Software Development Competency Level Master 1. Participate in the strategic management of software development. 2. Provide

Australian Computer Society ANZSCO ICT Code descriptions v1.0 01.07.2011 Further updates will be issued in 2011-2012

Australian Computer Society ANZSCO ICT Code descriptions v1.0 01.07.2011 Further updates will be issued in 2011-2012 The Australian Computer Society is the gazetted authority within Australia to undertake

Securities and Exchange Board of India

CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

White Paper How Noah Mobile uses Microsoft Azure Core Services

NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

Unlock your Business Potential

Unlock your Business Potential Plexstone strategy PLEXSTONE The major function of IT Architecture is to evaluate and synchronize strategies for all layers of IT infrastructure in order to align them to

Oracle Database Review Security Controls and Other Issues Toronto Public Library Management Response

Oracle Database Review Security Controls and Other Issues Toronto Public Library Management Response Recommendation City Management Response TPL Management Response Status and Timeline for implementation

Guideline on risk management and other aspects of internal control in central securities depository

until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

Cloud Security Who do you trust?

Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

Oracle Database 11g: Administration Workshop I Release 2

Oracle University Contact Us: 1.800.529.0165 Oracle Database 11g: Administration Workshop I Release 2 Duration: 5 Days What you will learn This Oracle Database 11g: Administration Workshop I Release 2

UoD IT Job Description

UoD IT Job Description Role: Projects Portfolio Manager HERA Grade: 8 Responsible to: Director of IT Accountable for: Day to day leadership of team members and assigned workload Key Relationships: Management

<COMPANY> P01 - Information Security Policy

<COMPANY> P01 - Information Security Policy P01 - Information Security Policy Document Reference P01 - Information Security Policy Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 09 November 2009: Initial release.


Information Technology Auditing for Non-IT Specialist

Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating

Council is committed to achieving the three key outcomes identified by our local community:

Position Profile Position Title: Reports to: Department: Section: Information Technology Team Leader Information Technology Information Services Community Outcomes Council is committed to achieving the

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

Please Note: Temporary Graduate 485 skills assessments applicants should only apply for ANZSCO codes listed in the Skilled Occupation List above.

ANZSCO Descriptions This ANZSCO description document has been created to assist applicants in nominating an occupation for an ICT skill assessment application. The document lists all the ANZSCO codes that

Privacy Impact Assessment: Infrastructure Systems

Infrastructure Systems Data in the System Privacy Impact Assessment: Infrastructure Systems SECTION V PRIVACY QUESTIONS 1. Generally describe the information to be used in the system in each of the following

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT FOLLOW UP REVIEW TO AUDIT OF COURTROOM AUTOMATION Karleen F. De Blaker Clerk of the Circuit Court Ex officio County Auditor Robert W. Melton, CPA*, CIA,

State of West Virginia Office of Technology Policy: Information Security Audit Program Issued by the CTO

Policy: Information Security Audit Program Issued by the CTO Policy No: WVOT-PO1008 Issue Date: 08.01.09 Revised: Page 1 of 12 1.0 PURPOSE The West Virginia Office of Technology (WVOT) will maintain an

Security Assessment Report

Security Assessment Report Prepared for California State Lottery By: Gaming Laboratories International, LLC. 600 Airport Road, Lakewood, NJ 08701 Phone: (732) 942-3999 Fax: (732) 942-0043 www.gaminglabs.com

Cloud Services Catalog with Epsilon

Cloud Services Catalog with Epsilon Modern IT enterprises face several challenges while building a service catalog for their data center. Provisioning with a cloud management platform solves some of these

Service Definition Document

Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

This document includes information about the role for which you are applying and the information you will need to provide with the application.

Further Particulars This document includes information about the role for which you are applying and the information you will need to provide with the application. 1. Role details Vacancy reference: 7770

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS Oracle Application Management Suite for Oracle E-Business Suite is a robust application management solution that helps you achieve

Guideline on risk management and other aspects of internal control in stock exchange

until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial

Cloud Computing Security Considerations

Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB

Microsoft SQL Server on Stratus ftserver Systems

WHITE PAPER Microsoft SQL Server on Stratus ftserver Systems Security, scalability and reliability at its best Uptime that approaches six nines Significant cost savings for your business Only from

IT control environment Caerphilly County Borough Council

Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough

eeye Digital Security Product Training

eeye Digital Security Product Training Retina CS for System Administration (4MD) This hands-on instructor led course provides security system administration/analysts with the skills and knowledge necessary

Chair Cabinet Committee on State Sector Reform and Expenditure Control

Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION

Position Description. Department: Quantitative Research Direct Reports: Project Manager/Researcher Senior Researcher

Position Description Position Title: Research Director (Quantitative) Reports to: Executive Director, Research Department: Direct Reports: Project Manager/Researcher Senior Researcher Date: 03/10/2011

To establish a single channel for public procurement contracts.

EXPRESSION OF INTEREST (EOI) FOR RECRUITEMENT OF E-PROCUREMENT APPLICATION MANAGER CONSULTANT (X3) 1.0 Background The Government of Rwanda (GoR) wishes to capitalize on employing the use of the most advanced

Introduction to AWS Security July 2015

Introduction to AWS Security July 2015 Page 1 of 7 Table of Contents Introduction... 3 Security of the AWS Infrastructure... 3 Security Products and Features... 4 Network Security... 4 Inventory and Configuration

Review of the Tax and License Collection and Distribution System

Review of the Tax and License Collection and Distribution System May 4, 2012 Report No. 12-09 Evan A. Lukic, CPA County Auditor Table of Contents Topic Page Executive Summary... 3 Scope, Objectives and

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

TITLE III INFORMATION SECURITY

H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

INFORMATION TECHNOLOGY CONTROLS

CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,

Managed Enterprise Internet and Security Services

Managed Enterprise Internet and Security Services NOMINATING CATEGORY: CYBER SECURITY INITIATIVES NOMINATOR: TONY ENCINIAS, CHIEF INFORMATION OFFICER COMMONWEALTH OF PENNSYLVANIA FINANCE BUILDING HARRISBURG,

Term of Reference For Information Technology (IT) Consultant (Network Administrator) for FCGO IT Systems

Term of Reference For Information Technology (IT) Consultant (Network Administrator) for FCGO IT Systems 1. Background Organization and its functions: Financial Comptroller General Office (FCGO), an organization

Planning and Administering Windows Server 2008 Servers

Planning and Administering Windows Server 2008 Servers MOC6430 About this Course Elements of this syllabus are subject to change. This five-day instructor-led course provides students with the knowledge

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

Information Technology Resource Services

Information Technology Resource Services RTI specializes in resource solutions ranging from Help Desk, Workstation, Network Infrastructure and Telecommunications services to Software and Web Site Developers.