ACBAR

The Directorate General of Treasury is working under Ministry of Finance (MoF) with a total of around 600 in HQ and line ministries employees. Responsible for managing the treasury bank accounts and payment procedures, Public sector PEM and Treasury (Payment processing), Contracts Master Data Management and payments, Vendors Master Data Management (public and private vendors), Payroll and salaries payments, Budget Execution, distribution and control at all levels and Revenue collection from all sources (taxes and non-taxes) for the Government of Afghanistan (GoA) in accordance with the Public Finance and Expenditure Management Law (PFEML). Treasury’s responsibilities are divided across a Director General, 5 Directorates and 11 Sub Directorates.

After coming Islamic Emirate of Afghanistan (IEA) to the authority, treasury has made important progress in implementing financial system cross the line ministries and provinces, streamlining vendor’s payment processes, simplifying contract management lifecycle, budget execution, and distribution, control, and payment staff salaries punctually. These efforts include a wide range of reforms and structural changes within the treasury.

AFMIS needs technical support in the development of replacement for currently used FMIS as part the strategic plan for the modernization of the financial system in technology and functionalities by aiding in understanding the current financial system as well as the development of a sustainable software system for the modernization of the systems based on open source technologies as per the Digital Foundation Strategy for Afghanistan. The senior software development specialist will collect enough details about the requirements to start the process of developing a set of business workflows and technical specifications.

The objective of recruitment for this position is to perform cybersecurity risk assessment, make and implement appropriate recommendations to improve the security of Treasury’s IT systems and infrastructure in accordance with international standards and best practices. The Senior Cybersecurity Specialist is required to work closely with development and IT teams to implement security throughout the Secure Software Development Lifecycle, aligning with Treasury’s objectives, mission, and goals and will also work with developers to integrate DevSecOps practices, including static code analysis, threat modeling, and secure code reviews into the software lifecycle.

Role and Responsibilities:

The incumbent’s key duties and responsibilities include, but are not limited to:

1. Cybersecurity Strategy and Policy Development:
   1. Develop and implement a cybersecurity strategy aligned with Treasury's objectives, mission and goals.
   2. Establish and regularly review cybersecurity policies and procedures to mitigate risks and ensure compliance with Treasury’s policies and procedures and relevant regulations and standards.
   3. Conduct internal and external penetration testing and coordinate with third-party assessment teams.
   4. Plan and conduct third-party risk assessments, especially for, public sector integrated systems.
   5. Provide guidance on data protection, classification, and privacy compliance mechanisms.
2. Security Operations and Incident Response:
   1. Monitor information systems, databases and networks to detect cyber threats and respond to cyber threats to remediate information security threats and vulnerabilities.
   2. Define and enforce secure baseline configurations for information systems, databases, and application servers.
   3. Carry out tests on the Treasury’s systems to expose weaknesses in security.
   4. Design and enforce zero-trust principles across all network and application components.
   5. Investigate and respond to Treasury systems cybersecurity incidents, ensuring a timely and effective incident response.
   6. Analyze, design, and facilitate capabilities, solutions, or preventative/remediation controls to protect Treasury’s confidential data and systems in accordance with industry standards and best practices.
   7. Review the current policies and procedures of Treasury’s information security, incident response, business Continuity plans and advise on required revision and improvement.
   8. Collaborate with IT teams to identify security vulnerabilities and implement solutions
   1. Perform security audits and conduct security assessments
3. Team Management and Collaboration:
   1. Coordinate with AFMIS software development professionals, providing guidance, transfer of knowledge, mentorship, and support.
   2. Foster a collaborative and productive working environment within the AFMIS development, network, virtualization, system and database administration teams.
   3. Collaborate with cross-functional teams to implement security controls and measures in alignment to cybersecurity objectives.
   4. Work under the supervision of the AFMIS Director and provide regular tasks status updates, challenges and reports to the management.
   5. Perform any other duties related to the role assigned by the management.
4. Emerging Technologies and Industry Trends:
   1. Stay informed about emerging trends, challenges, and best practices in cybersecurity, particularly in relation to Treasury systems.
   2. Identify and evaluate emerging technologies and solutions that can enhance the security of the Treasury systems.
   3. Conduct research and analysis on cybersecurity advancements and propose relevant technological solutions.
   4.  Maintain security awareness program and deliver training to employees
5. Write, revise and maintain software security documentation, operations documentation and user guides in accordance with standards.

Deliverables

The main deliverables include but are not limited to:

1. Develop  a comprehensive security roadmap and documentation aligned with Treasury modernization objectives, missions, and goals.
2. Produce and maintain an updated risk register covering all Treasury systems.
3. Provide an incident response plan including escalation matrix and runbooks for major threats.
4. Deliver a gap analysis report aligned with NIST CSF, ISO 27001, or equivalent standards.

Eligibility and Skill Sets:

Qualifications:

1. Bachelor’s or master degree in computer science, information technology, Information Security and other related fields.
2. One of the professional certifications in cybersecurity e.g., Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) or similar certification is required.
3. 5 years of progressive experience in cybersecurity for master and 7 years for bachelor graduates,.
4. Experience in developing and implementing cybersecurity policies,procedures and solutions.
5. Strong hands-on experience with SIEM tools (e.g., Splunk, Elastic Stack), intrusion detection systems (IDS/IPS), vulnerability scanners (e.g., Nessus), and endpoint protection platforms (e.g., CrowdStrike).
6. Familiarity with container security (Docker, Kubernetes) and software architectures is a plus.
7. Excellent teamwork and collaboration skills, with the ability to work across departments and stakeholders.
8. Security operations reports, including monitoring and analysis of security events.
9. Vulnerability assessment reports and recommendations of Treasury systems for mitigating identified vulnerabilities.
10. OWASP top 10 Web Application Security knowledge is required.
11. Experience in the development and implementation of standards, procedures and guidelines to support operational processes.
12. Self-motivated with the ability to prioritize, meet deadlines, and manage changing priorities;
13. Strong interpersonal, communication skills and Experience in technical writing such as functional specification, technical specification, etc.

Qualified interested cadidates are requested to only submit their CVs along with a cover letter in a single PDF file mentioning either vacancy number or job title in the subject line to mentioned email address!

khal.rasoli@mof.gov.af