Consultancy: PCI Technical Lead, ICTD Digital Core (Individual Consultant, remote)

Consultant IT & Telecom

Contract

This is a Consultancy contract. More about Consultancy contracts.

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential.

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone.

And we never give up.

For every child,

UNICEF continually evaluates the level of PCI exposure in countries with private sector fundraising activities. Countries are provided with short, medium and long term architectural options to reduce PCI noncompliance and data breach risk. The options are founded in the strategic direction, which is to transfer UNICEF’s Card Holder Data (CHD) footprint from internal environments to PCI compliant third-party service providers. Each office has developed a project plan/road map towards meeting compliance, which are in the process of executing.

How can you make a difference?

The consultant will act as a hands-on PCI Technical Lead of the various projects in multiple fund-raising countries to rectify their PCI-DSS compliance status. Multiple countries will need to develop and deploy new PCI compliant solutions and or rectify existing solutions, comprised of technology, people and processes. The PCI Technical Lead will define and review technical architectures and technology solutions, ensure adherence to ICTD’s Reference Architecture, and lead the technical implementatoin of the solutions.

The PCI Technical Lead will join forces with the country teams to engage with Third Parties (e.g. Agencies, Banks, Payment Service Providers etc) and to jointly design market specifice, Third Party specific solutions. The PCI Technical Lead will propose the skill sets and durtion required to execute the implementation of the solutions.

The PCI Technical Lead will be guided by the UNICEF Information Security policy, PCI Standard, Data Breach Procedure, the standard Reference Architecture as well as by the input from the Global PCI Taskforce and the PCI Expert consult-ant. The PCI Technical lead will contribute to the refinement of the policies, standards and procedures and will pro-mote synergies across offices and regions.

The consultant will focus on countries in across the globe (mainly in East Asia Pacific or Latin America) and report to the Information and Communication Technology Division (ICTD), Digital Core - Solutions Center, in Valencia Spain as part of the PCI Global Taskforce.

The consultant will lead and engage with country, regional and HQ teams (Fund Raising, Operations, ICT), and Third Party Service Providers to design and implement PCI alignment solutions for the UNICEF PSFR Country Offices. The PCI Expert will create a collaborative environment by guiding project participants, project team members, and stakeholders to achieve their objectives, execute the work plans, and reach the desired project results.

Technical Leadership and Support

The consultant will act as a hands-on PCI Technical Lead of the various projects in multiple fund-raising countries to rectify their PCI-DSS compliance status Define and review technical architectures and technology solutions Create alignment with ICTD’s Reference Architecture Lead the technical implementation of the solutions Ensure solutions are vetted by the PCI Expert Make day to day technical decisions, adhere to required technical and project governance mandates Create required technical documentation Review solutions already implemented in markets to determine progress and PCI Alignment Get buy-in from country, regions and HQ on proposed designs and project plans

Project Leadership and Support

Determine resourcing and cost requirements to implement PCI solutions Hands-on management of solution implementations in each country Identifying opportunities and risks within and across Country Offices and developing recommendations to capital-ize/mitigate them. Create project plans, orchestrate and utilize Agile and DevOps principles Liaise with all project stakeholders, ensuring views of all parties are considered when making recommendations Strongly align with the Supporter Engagement Strategy Project (SES) on solution design and recommendations Escalate issues to the appropriate level for mitigation/action Design post-go live support processes and determine post go live resourcing and costing impact. Continually advise and evaluate execution plans ensuring they align with the global approach. Participate in leadership meetings and provide progress reports on functions implemented and updates on the imple-mentation of the solution.

Third Party engagement

Join forces with the country teams to engage with Third Parties (e.g., Agencies, Banks, Paymnet Service Providers etc.) for technical requirements. Jointly design market specific, Third Party specific PCI Compliant solutions The PCI Technical Lead will propose the skill sets required to execute the implementation of the solutions to Third Par-ties

Policies and Documentation

The PCI Technical lead will contribute to the refinement of the policies, standards and procedures and will promote synergies across offices and regions. The will prepare technical design documentation, integration details and project reporting collateral for the Global PCI Task Force

The PCI Technical Lead will deliver the following: • Design Market relevant, UNICEF Architecture aligned, PCI compliant solutions • Implement the solutions in the countries to rectify their PCI-DSS compliance status • Create and execute the technical project plans • Provide recommendations for implementing PCI-DSS requirements globally in UNICEF. • Work with PCI Taskforce to create viable solutions for specific, non-standard issues which arise in country • Audit existing PCI Solutions implemented in countries. • Plan for each integration point with Third Party Service Providers • Establish relationships with key Service Providers in Regions • Design post-go live support processes and determine post go live resourcing and costing impact. • Refine UNICEF PCI and Data Privacy Policies by providing input to the Chief of Information Security

Work Assignments Overview

Deliverables/Outputs

Timeline

Estimated Budget

Onboarding phase – familiarization with the UNICEF PCI Project, Reference architecture and status in countries

• Presentation to PCI Taskforce with understanding of technical landscape and challenges per country
• Presentation of the Argentina Integration hub

By 31 August 2023

8%

Priority Country (P1) PCI Assessment

• Updated end-to-end PCI workflow diagram pertaining to the priority country
• Mapping of the PCI architecture in the country to UNICEF’s recommended architecture
• Recommendations document to achieve PCI compliancy in the country
• Monthly update on country level compliance

By 30 Sept 2023

8%

Priority Country (P1) post assessment guidance and implementation

Country specific project plan

Review project plan with country level, regional and global stakeholders

Engage with third party service providers to confirm and validate plan

Physical development and implementation of the recommended solution – start the process

By 31 Oct 2023

8%

Priority Country (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Completion of the PCI SAQ for the priority country (33%)

By 30 Nov 2023

8%

Priority Country (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Completion of the PCI SAQ for the priority country (66%)

By 31 Dec 2023

8%

Priority Country (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Completion of the PCI SAQ for the priority country (100%)

By 31 Jan 2024

8%

Priority Country (P1) Solution implementation

• Stabilization of solutions implemented
• Design a plan and architecture for the exceptions

By 28 Feb 2024

8%

Priority countries (all P1 countries) business as usual processes

• Design business as usual processes for countries to maintain PCI compliance

Design a control framework to monitor adherence to the processes

By 31 Marc 2024

8%

Priority Country 2 (P1) PCI Assessment

• Updated end to end PCI workflow diagram pertaining to the priority country
• Mapping of the PCI architecture in the country to UNICEF’s recommended architecture
• Recommendations document to achieve PCI compliancy in the country
• Monthly update on country level compliance

By 30 Apr 2024

8%

Priority Country 2 (P1) post assessment guidance and implementation

• Country specific project plan
• Review project plan with country level, regional and global stakeholders
• Engage with third party service providers to confirm and validate plan
• Physical development and implementation of the recommended solution – start the process

By 31 May 2024

8%

Priority Country 2 (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Start completion of the PCI SAQ for the priority country (15%)

By 31 May 2024

4%

Priority Country 2 (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Start completion of the PCI SAQ for the priority country (40%)

By 30 Jun 2024

8%

Priority Country 2 (P1) Solution implementation

• Physical implementation of relevant PCI controls in the country office
• Start completion of the PCI SAQ for the priority country (60%)

By 31 Jul 2024

8%

To qualify as an advocate for every child you will have…

• Advanced university degree in Systems Engineering, or equivalent is required. A first level university degree in combination with qualifying experience may be accepted in lieu of the advanced degree. • PMI or Prince 2 Project Management Certification is highly desirable. • PCI certifications (Certified PCIP, QSA, ISA, PA-QSA, P2PE PA-QSA etc.) is desirable • Minimum of 8 years of experience, five of which should be in leading medium to large scale, multi stakeholder projects with demonstrable results, and stakeholder satisfac-tion. • Hands-on technical expertise and knowledge of enterprise level systems is required. Experience in CRM systems, CMS and Payment systems is highly desirable. • It would be an advantage if the person has previous experience managing projects re-lated to PCI compliance. • Strong ability to strategize, identify patterns and prioritize. • Fluency in English and Spanish is required.

For every Child, you demonstrate…

UNICEF's values of Care, Respect, Integrity, Trust, Accountability, and Sustainability (CRITAS).

To view our competency framework, please visit here.

UNICEF is here to serve the world’s most disadvantaged children and our global workforce must reflect the diversity of those children. The UNICEF family is committed to include everyone, irrespective of their race/ethnicity, age, disability, gender identity, sexual orientation, religion, nationality, socio-economic background, or any other personal characteristic.

UNICEF offers reasonable accommodation for consultants/individual contractors with disabilities. This may include, for example, accessible software, travel assistance for missions or personal attendants. We encourage you to disclose your disability during your application in case you need reasonable accommodation during the selection process and afterwards in your assignment.

UNICEF has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and UNICEF, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination. UNICEF also adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo rigorous reference and background checks. Background checks will include the verification of academic credential(s) and employment history. Selected candidates may be required to provide additional information to conduct a background check.

Remarks:

Only shortlisted candidates will be contacted and advance to the next stage of the selection process.

Individuals engaged under a consultancy or individual contract will not be considered “staff members” under the Staff Regulations and Rules of the United Nations and UNICEF’s policies and procedures, and will not be entitled to benefits provided therein (such as leave entitlements and medical insurance coverage). Their conditions of service will be governed by their contract and the General Conditions of Contracts for the Services of Consultants and Individual Contractors. Consultants and individual contractors are responsible for determining their tax liabilities and for the payment of any taxes and/or duties, in accordance with local or other applicable laws.

The selected candidate is solely responsible to ensure that the visa (applicable) and health insurance required to perform the duties of the contract are valid for the entire period of the contract. Selected candidates are subject to confirmation of fully-vaccinated status against SARS-CoV-2 (Covid-19) with a World Health Organization (WHO)-endorsed vaccine, which must be met prior to taking up the assignment. It does not apply to consultants who will work remotely and are not expected to work on or visit UNICEF premises, programme delivery locations or directly interact with communities UNICEF works with, nor to travel to perform functions for UNICEF for the duration of their consultancy contracts.

Apply now

Added 11 months ago - Updated 11 months ago - Source: unicef.org