2022-01-24

SFMIS IT Security & Networking Specialist – Mogadishu, Somalia

Mogadishu, Somalia
Posted on January 24, 2022

Federal Republic of Somalia (MoF)

SFMIS IT Security & Networking Specialist – Mogadishu, Somalia

The Federal Republic of Somali

Ministry of Finance

REQUEST FOR EXPRESSIONS OF INTEREST (REOI)

COUNTRY: Federal Republic of Somalia (FGS)

NAME OF PROJECT: Somalia Domestic Revenue Mobilization and Public Financial Management

Capacity Strengthening Project – Phase II

PROJECT ID: P166206 Grant No.: IDA-D3700

Assignment Title: SFMIS IT Security & Networking Specialist

Reference No.: SO-MOF-245515-CS-INDV

Place of assignment: Mogadishu, Somalia

Closing Date: 8^th February, 2022

Background

The Federal Republic of Somalia has received financing from The World Bank through the Ministry of Finance (MoF) toward the cost of Somalia Domestic Revenue Mobilization and Public Financial Management Capacity Strengthening Project II.

The Project Development Objective is to strengthen systems of domestic revenue mobilization, expenditure control and accountability in the Federal Government and Federal Member States. The project has the following components: (i) Strengthening Tax Policy and Inland Revenue Administration systems; (ii) Strengthening Systems for the Public Funds Management, Transparency and Accountability; (iii) Rapid Response Facility; and (iv) Public Financial Management Reform Oversight, Coordination and Management.

In pursuance of strengthening Systems for the Public Funds Management, Transparency and Accountability, the Ministry of Finance and Accountant General’s Office is implementing the Somalia Financial Management Information Systems (SFMIS) among other cross-cutting issues.

Accordingly, the Ministry of Finance intends to apply part of the proceeds of the grant to hire an Individual Consultant (IT Security and Networking Specialist) to support the MoF and SFMIS IT infrastructure and related applications. The following objectives are designed to meet that goal:

Development of IT security policy for SFMIS and all relevant applications and infrastructure.
Operationalisation of the SFMIS IT security policy and ensuring compliance by all SFMIS internal and external users of the approved policy.
Ensuring overall security of the SFMIS IT, applications and logical environments.
Safeguarding SFMIS information assets against unauthorized use, disclosure, modification, and accidental or malicious damage or loss.
Grow requisite and sustainable IT security knowledge and capability within the Office of the Accountant General and Ministry of Finance to support the effective operation of the SFMIS for sustainability.

Scope of Work and Responsibilities:

The scope of work for the assignment include but not limited to the following tasks:

Update the IT security policy to reflect the current environment, align it to global ICT security frameworks and follow-up to ensure its approved.
Develop an IT security plan and work with all SFMIS stakeholders to ensure the IT security policy is enforced.

Conduct domain training and capacity building for the existing SFMIS technical team.

Develop a continuous ICT security awareness training program for all SFMIS users.
Establish a robust helpdesk for logging, tracking and reporting on all security incidents in the SFMIS environment.
Develop and operationalize ICT security value metrics using Key performance indicators.

In liaison with the Database Administrator, design, implement and monitor logical access controls to ensure the integrity, confidentiality, and availability of information assets.
In liaison with the SFMIS Director design, implement and monitor network infrastructure security to ensure integrity, confidentiality availability and authorized use of the network and information transmitted.

Design, implement and monitor physical and logical access controls, IT general controls, segregation of duties, sensitive access matrix to ensure that the level of protection for assets and facilities is sufficient to meet the business objectives while adequately protecting all information assets.
Manage the general SFMIS applications security environment that includes: design and implementation of application security roles, segregation of duties analysis rules, security role provisioning solutions, security workflow, security analytics, enterprise Governance, Risk & Compliance (GRC) solutions, automated external application scanning and automated source code analysis that minimize the impact of internal and external manipulation of applications to access, steal, modify, or delete sensitive data.
Develop, implement, and operationalize a robust SFMIS user access control policy and perform a user analysis and rationalization to identify and deactivate all inactive and duplicate users.

Develop specifications for, oversee the acquisition and deployment of and intrusion detection and prevention system for the SFMIS.
Perform a user role matrix analysis and rationalization to ensure that SFMIS users only have those systems roles that are necessary for performance of their duties and that there is segregation of duties on the system.
Develop and operationalize an application change control policy for management of all application changes.

Provide the support to the MoFD Internal Audit in the oversight activities of the SFMIS environment.

Monitor the overall security aspects of the system for any intrusive activity including reporting any logon problems and attempted security violations. Investigate and document all such suspicious activity and violations and escalate to the SFMIS director for immediate actions.
Participate in the design, implementation, and monitoring of the SFMIS disaster recovery, business continuity and backup strategies.
Design, implement and monitor the SFMIS firewall system in liaison with the network administrator.
Design, monitor and implement the antivirus soft war e for the SFMIS environment in liaison with the network administrator.

Analyse all SFMIS software and hardware components, identify those due for upgrade and/or replacement and advice the SFMIS IT director accordingly.

Maintain the same high level security during support, maintenance, and system upgrades.
Develop a sustainability plan for cloud surveys provision support for the SFMIS.

The Consultant will be required to undertake the listed tasks and deliver the expected outputs detailed in the Terms of Reference (TOR).

Selection Criteria:

Selection shall be based on qualification and experience of the candidate and followed by an interview. The minimum required qualification, experience and skills should include:

Bachelor’s Degree in Computer Science, Information Security, Engineering, Information Technology, Finance, Business and or related field.
Specialized IT Security training and qualifications/certification such as CISSP, CISM, CISA.

Knowledge of enterprise IT security risk assessments and related frameworks such ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, ITSM/ITSA etc.

Knowledge and experience on firewall and web server technologies, intrusion detection systems, encryption technology, IS/IT audit technologies/tools.
A minimum of 5 years directly related to the IT security administration duties and responsibilities in a data centre environment with complex systems.
Working experience and knowledge of the MSSQL and Windows Serve r environments will be an added advantage.

Strong inter-personal and communication skills as well as the ability to lead teams in management of IT security environments.
Demonstrable experience in knowledge transfer including mentoring and training skills.

Duration:

Duration of the assignment is five (5) months.

The Ministry of Finance now invites eligible Individual Consultants to indicate their interest in providing these services. Interested Individual Consultants must submit their Curriculum Vitae (CV) and cover letter indicating that they are qualified to perform the services. The detailed TOR can be found at the following website: www.mof.gov.so or it can be forwarded to the applicant upon submission of application to the address indicated below.
The attention of interested Consultants is drawn to paragraphs 3.14, 3.16 and 3.17 of the World Bank’s Procurement Regulations for IPF Borrowers: Procurement in Investment Financing Goods, Works, Non-Consulting and Consulting Services dated July 2016 and current edition. (“Procurement Regulations”), setting forth the World Bank’s policy on conflict of interest.
A Consultant will be selected in accordance with the Individual Consultants Selection method set out in the World Bank’s Procurement Regulations.
Mode of submission of Applications and deadline:

Interested Consultants may obtain further information including a detailed Terms of Reference at the address given below from 8:30 to 3.30pm Mogadishu time (Excluding public holidays).

Expressions of interest (EOI) and CV with 3 reference persons and certificates of academic qualifications must be delivered (in person or by e-mail) in a written form to the address below by 8^th February, 2022 at 12:00 Hours (Mogadishu Time) – marked clearly as – Application for SFMIS IT Security & Networking Specialist.

Project Coordination Unit,

DRM/PFM Project

Ministry of Finance

Street Corso Street, Shangaani District, Mogadishu

Federal Republic of Somalia

Email: pfmcommunications@mof.gov.so

………………………………………………………………………………………