MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE





IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST

1.0 Background

Government of Uganda (GoU), through the Ministry of Finance, Planning and Economic Development (MoFPED), has been implementing public financial management reforms in order to improve efficiency, transparency and accountability in the management of public resources, as well as to facilitate the standardization of accounting and reporting frameworks. These reforms have, amongst others, involved the implementation of computerized financial management systems in Ministries, Agencies, and Local Governments (MALGs). The implementation of these new systems is being undertaken in a phased manner, and separate systems are being rolled out depending on the specific requirements of the government agency/sector.

MoFPED has twin Datacenters connected to the MoFPED LAN, and over serial WAN links to MALGs. One of the Datacenters provides failover services.

The key computerized financial management systems being used/implemented in government include:

1. The Oracle based Integrated Financial Management System (IFMS), which has been implemented mainly in central government votes. This system comprises an Oracle Financials E-Business Suite application (Oracle R12i Treasury Solution) and an Oracle 11g database hosted on HPUX 3.2. Implementation of this system started in 2003 and the application has so far been extended to 89 MALGs. The system architecture comprises decentralized data capture over a WAN with centralized data processing and storage at the MoFPED Datacenters.
2. The midrange Integrated Financial Management System (IFMS2), which is being implemented in local government votes. Implementation has so far covered 26 local governments, with plans to extend it to another 33 LGs in the financial year 2014/15. This system is built on a distributed topology with periodic synchronization to a central platform at the MoFPED Datacenters. The technologies used are Microsoft Dynamics Navision 2009 and Microsoft SQL 2008 Enterprise on Windows Server 2008 R2 Enterprise.
3. The Microsoft Dynamics Navision 2009 financial management system used by the 33 Foreign Missions. The system is built on a distributed topology, with manual periodic consolidation.
4. The Computerized Education Management and Accounting System (CEMAS), due to be implemented in Public Universities and Self-Accounting Tertiary Institutions. This will be on Microsoft Dynamics GP 2013 with CRM and Students, Academics and Human Resource Management functions.

The systems have several operational or planned interfaces, including those with Bank of Uganda, Uganda Revenue Authority, Uganda National Examinations Board, the Integrated Personnel & Payroll System, commercial financial services providers, etc. PFM functions and services are also dependent on auxiliary systems that provide, among others, support for communication, collaboration and reporting. These systems include mail exchangers and alert generators. Some of the support systems are critical for service delivery and information sharing tasks, e.g., user support and education, as well as for core business functions, e.g., authorisation and/or confirmation of EFT transactions. The auxiliary systems are centrally hosted at the MoFPED Datacenters, and include IT operations and cyber security monitoring and administration tools.

Due to the expanding roll-out of the computerised financial management systems across government, the specialised nature of IT systems security processes, and the complexity and extended nature of government financial management operations, there is an added need to strengthen management over the computerised financial management systems. MoFPED now seeks to recruit an IT Systems Security Compliance and Quality Assurance Specialist, with the consultant having significant responsibilities related to IT Systems Risk Management and Security Compliance.

2.0 Objective of the assignment

To support the Accountant General's Office in the review, development, oversight, monitoring and leadership of capacity building efforts for IFMS security management and quality assurance processes. In particular, the consultant will continuously appraise the systems security set-ups for the applications and related infrastructure and advise management and other IT technical leads on required security enhancements and overall IT systems risk management measures.

3.0 Detailed assignment description

The IT Compliance and Quality Assurance Specialist will be responsible for supporting the establishment of an IT systems compliance unit and for reviewing, developing, and monitoring the Compliance and Quality Assurance regime for all computerized systems, but with focus on the Oracle R12 E-Business Suite and Oracle 11g Database and its supporting infrastructure. We are seeking a seasoned IT Compliance and Quality Assurance professional with in-depth experience of working with integrated financial management systems, especially the Oracle E-Business Suite Applications R12 and related/supporting technologies. The Consultant will have responsibility for developing the strategy, delivery and operational monitoring of all IT financial management systems compliance and quality assurance monitoring activities.

Tasks will include: compilation and classification of financial management information assets; identification of threats and analysis of risks to these assets; undertaking system vulnerability assessments; ensuring auditability of systems; providing secure system baselines; developing, implementing and testing security system design; determining, analyzing and deciphering security requirements; assisting with audit activities related to PCI/security compliance; monitoring system security controls; implementing automation, alerts and correlation with regard to system security events; and developing and promoting the security strategy for protecting financial information assets and integrating it with the wider security strategy.

Specifically, the consultant will be required to perform the following duties:

1. Provide technical security expertise and guidance to the architecture, network and application teams.
2. Support the establishment of an IT Systems compliance unit in the Accountant General's Office.
3. Act as the advisor to IT and department functional operations teams on all enterprise IT Security initiatives.
4. Support the execution of information security risk assessments along with internal and external auditors (OAG) for security and compliance issues.
5. Report on the levels of IT compliance-related risks to appropriate levels of management and follow up to ensure that such risks are appropriately managed.
6. Lead the development, auditing and enforcement of IT Security Policies, Standards/Procedures for AGO managed systems and identify/advise on opportunities for improvement.
7. Lead IT Technical staff in evaluating, selecting, installing and testing security hardware and software.
8. Plan and implement information assets classification, threat and risk analysis and mitigation measures.
9. Provide constraints covering, among others, standards and procedures to be used as templates in the specification and procurement, and inspection and testing, of IT/IS systems.
10. Lead the efforts for certification of IT based financial management systems to international standards in quality operations management, e.g. ISO 9000, 27001, 27002.
11. Review business requirements, functional specifications, and test cases to understand the functional and technical requirements of IT systems in order to test the application and verify that those requirements are successfully met.
12. Ensure compliance with standards of the software development life cycle and follow strategies, plans and procedures within the development methodologies.
13. Provide and implement sets of minimum best practices, and verify implementation of all approved audit recommendations, e.g., segregation of duties, password rules, etc.
14. Manage performance & load testing, documentation, and bug triage with multiple business partners.
15. Review, develop and implement security policies that will be adopted in granting users access to the application, databases and operating system platform.

In respect of the Oracle based IFMS, the consultant is expected to fulfil the following duties:

1. Review, test and deploy the database and security updates issued by Oracle.
2. Generate and analyze security reports and logs, and make recommendations where appropriate.
3. Periodically monitor, review and make recommendations for the access control for the application, databases and operating system platform setups.
4. Oversee the definition, coordination and assignment of user security and Application responsibilities, subject to the principle of segregation of duties.
5. Ensure data confidentiality and privacy policies are adhered to in the test, training, development and production environments. Review all database and application patch updates before deployment into the production environment.
6. Review the backup and recovery procedures in place and make recommendations.
7. Review the change control process and make recommendations.
8. Review and monitor the audit trails at both database and application levels.
9. Act as the subject matter expert supporting the Oracle EBS Security System Administration.
10. On a periodic basis, review existing application user roles, role hierarchies and policies related to user role access and make recommendations.
11. Secure baseline configuration items (databases, applications, OS) from unauthorized changes by monitoring change attempts and alerts.
12. Periodically review the database, application and operating system environment, including interfaces, and recommend the necessary security tools.

4.0 Reporting Arrangements

The consultant will functionally report to the Accountant General through the Commissioner Financial Management Services. The Consultant will work closely with the other IT Technical leads (Applications, Databases, Networks and OS), departmental heads, resident application support consultants and business users to ensure a robust, scalable and secure system operating in an appropriate risk management framework.

The consultant will be required to prepare the following reports:

1. Assignment inception report
2. Monthly/Quarterly performance reports
3. Annual performance reports
4. An end of assignment report within two weeks after completion of the activities in the work plan or completion of the contract, whichever comes first.

5.0 Key deliverables

1. Updated IT systems security policies and manuals
2. Adequate IT systems business continuity arrangements
3. Sound security practices for the IT Financial Management Systems and implementation of agreed key recommendations from security reviews
4. IT Systems Security Risk assessment reports and strategies for mitigation
5. Verifiably reduced vulnerability for the IT financial management systems
6. ISO certification for IT Systems and sound quality assurance measures for the development and usage processes of the IT financial management system
7. An IT Systems Compliance Unit
8. Information Assets Classification and Risk Report
9. Essential cyber security procedures, including an Incident Response Procedure

6.0 Duration

The assignment contract will be for two years, renewable based on need and upon satisfactory performance.

7.0 Office tools and equipment

Government will provide office space and facilities for the performance of the duties under this consultancy.

8.0 Qualification requirements

1. An advanced degree in Information Technology, Computer Science or an equivalent professional certification.
2. Minimum of 8 years working experience in a computer related field, with at least 4 years directly served in information security and IT Compliance/audit, including knowledge and skills in examining, evaluating and testing complex business IT processes and related controls.
3. Professional certification in audit or security review for IT systems, such as CISA or CISSP certification, is a requirement.
4. Experience with enterprise application architectures including ERP and CRM.
5. Experience in Oracle E-Business Suite Release R12. Oracle Certified Professional is a requirement.
6. Familiarity with Microsoft Operations Framework 4 (MOF4) is a requirement.
7. Knowledge and experience of using Oracle database monitoring tools/utilities and grid control packs (Diagnostics, Tuning, Provisioning, Data Masking, Change Control, Configuration Management, etc.), and Microsoft SQL.
8. Experience in formulating policy and developing/implementing new strategies and procedures.
9. Expertise with Microsoft Dynamics will be an added advantage.
10. Demonstrated experience in the leadership of a multi-skilled team.
11. Good report writing and communication skills, including the ability to read, analyze and interpret technical journals, financial reports and legal documents.
12. Sound integrity and the ability to maintain a high level of confidentiality.