The Ugandan Jobline

• Evaluate and review internal controls of
  the existing information systems and related ICT infrastructure and advise
  on the information system security to guide transition to the new HCM.
• Develop and monitor implementation of
  information security policies, procedures, controls and technical systems
  in order to maintain the confidentiality, integrity, and availability of
  the HCM system.
• Carry out information security risk
  assessments to ensure appropriate information security and business
  continuity controls exist including identifying, describing, analysing and
  estimating the risks.
• Identify and evaluate technology risks,
  mitigating controls, and opportunities for control improvement.
• Establish Standard Operating Procedures
  (SOPs)/criteria for proper management of HCM risks.
• Provide technical support in
  organizational risk reporting across project strategic, tactical and
  operational levels and across key stakeholders.
• Build staff capacity in risk awareness,
  analysis and management.
• Keenly monitor systems, identify and
  report violations of risk limits/controls.
• Evaluate the effectiveness of organizational
  controls, perform risk analysis and management activities and develop
  appropriate mitigation plans.
• Identify necessary enhancements for
  organizational business processes and policies to prevent operational
  project risks.
• Undertake audits of organizational
  policies relating the HCM project and ensure compliance with National
  standards, legislations and frameworks.
• Carry out self-assessments of the HCM
  information security management system to ensure the effective
  implementation of and compliance with the National Information Security Framework.
• Develop and maintain an up-to-date risk
  register for the HCM.
• Review and enhance existing risk
  modelling techniques.
• Perform procedures and assessments
  necessary to ensure the safety of information assets.
• Undertake continuous risk based system
  audits in accordance with the annual work plans.
• Conduct operational, compliance and
  investigative assessments.
• Ensure that a complete and cross
  referenced audit engagement plan is maintained for every audit engagement.
• Keenly monitor the HCM and supporting
  infrastructure through adequate audit logging, scanning, and monitoring
  processes.
• Provide risk and control advisory to the
  Ministry on pre and post implementation system development and
  enhancements.
• Conduct general and application control
  reviews for computer information systems and databases in respect to
  development standards, operating procedures, system security, programming
  controls, communication controls, backup and disaster recovery, and system
  maintenance.
• Monitor the resolution of all incidents
  and incident handling and escalation procedures to ensure effective
  incident resolution.
• Champion data mining and analytics use
  and capability development within the team.
• Keenly monitor developments in ICT risk
  management and audit approaches in the industry, assess viability and
  recommend actions for implementation and improvement.
• Any other duties as may be assigned from
  time to time.

• Evaluation report on system security and
  internal controls of the existing information systems and related ICT
  infrastructure.
• Guidelines on the required information
  system security to support transition to the new HCM.
• Information system security and controls
  policy developed.
• Audit engagement plan developed and
  maintained for every audit engagement.
• Information System security audit
  reports provided quarterly.
• Documentation and dissemination of
  Standard Operating Procedures (SOPs)
• Strategy and plan for staff capacity
  building in risk awareness, analysis and management developed.
• Risk management strategy for HCM
  developed and an up-to-date risk register maintained.
• Quarterly and Annual Performance
  reports.

• The Information System Security Risk
  Analyst – Human Capital Management must hold a Bachelor’s degree in
  Computer Science, Information Technology, Information Science, Information
  Systems, Information Security or a related field from a recognized
  university.
• Professional qualification in IT
  Industry Certifications such as CRISC, CISA, CISM, CISSP, ISO 27001 or ISO
  31000.
• Possession of PMP, Prince2, of ITIL will
  be an added advantage.
• At least four (4) years working
  experience in Risk Management or Information Security Management
  Information Systems Audit or ICT Audit consulting or a related field with
  two (2) years at a supervisory level.
• Previous experience in Governance Risk
  and Compliance tools as well as mechanisms.
• Experience in Oracle databases, networks
  and systems management and implementation of ICT projects.
• Working knowledge of National
  information risk management frameworks and standards.
• Broad knowledge of Information System
  Security.
• Demonstrable interest in information
  security and IT audit developments.
• Knowledge of Risk Management.
• Excellent analytical and problem solving
  skills.
• Excellent communication an interpersonal
  skill across strategic, tactical and operational levels.
• Stakeholder Management skill.
• Flexibility, persistence and willingness
  to work on a variety of activities/tasks.
• Logical and objective attention to
  detail, analytical abilities and the ability to recognize trends in data.
• A proactive approach with the confidence
  to make decisions.
• A methodical and well-organized approach
  to work.
• The ability to work under pressure and
  meet deadlines.
• Confidentiality of Government
  information.
• Knowledge of Government procedure,
  processes and operations.

Related Jobs