Risk Management, Compliance and Information Security Officer (P3)

Application deadline: Thursday 19 Sep 2024 at 00:00 UTC


Background:

The OSCE has a comprehensive approach to security that encompasses politico-military, economic and environmental, and human aspects. It therefore addresses a wide range of security-related concerns, including arms control, confidence- and security-building measures, human rights, combating human trafficking, national minorities, democratization, policing strategies, counter-terrorism and economic and environmental activities. All 57 participating States enjoy equal status, and decisions are taken by consensus on a politically, but not legally binding basis.

The OSCE Secretariat in Vienna assists the Chairpersonship in its activities, and provides operational and administrative support to the field operations, and, as appropriate, to other institutions.

The OSCE Secretariat’s Department of Management and Finance (DMF) is responsible for managing the material and financial resources of the Organization. The objective of DMF is to provide efficient and effective management of non-staff resources in support of OSCE programmatic activities. It provides policy guidance on the management of OSCE financial and material resources and develops and maintains OSCE Financial Regulations and Rules and Financial Administrative Instructions. DMF consists of Budget and Finance Services, Mission Support Section, Information and Communication Technology Section and the Information Security and Co-ordination Unit.

The Risk Management, Compliance and Information Security (RMCIS) Unit, in the Office of the Director, performs a diverse set of OSCE-wide governance, risk and compliance-related functions related to Second Line of Defence duties. In addition to overseeing the Organization's Risk Management Framework, co-ordinating the Internal Control system, and supporting Information Security, the Unit deals with the Secretariat’s Implementing Partner portfolio, OSCE-wide Data Privacy matters, and advises senior management on a host of related activities.

Tasks and Responsibilities:

The unit plays a Second Line of Defence role under the Three Lines of Defence model. It enables risk owners across OSCE to identify emerging risks in their daily operations, so that they can provide reasonable assurance on their objectives. It does this by providing compliance and oversight in the form of advisory work, frameworks, policies, tools, and techniques to support managers in their handling of their risks and the internal controls in place to manage those risks.

As Risk Management, Compliance and Information Security Officer, you will report to the Chief, Risk Management, Compliance and Information Security.

Functions required from the incumbent of the post are best understood as having two levels of analysis. At the basic level, the unit plays three distinct 2nd-line-of-defence roles: risk management; internal control; and information security. A second, superimposed level of analysis touches upon areas of activity that require playing one or more of the three roles for a given topic, namely: project reviews, including via implementing partners; a variety of internal consultancy work; the interpretation, review and redrafting of policies regulating daily operations across OSCE; and the deployment of digital fluency skills as an enabler and effect-multiplier helping the roles of RMCIS.

More specifically, you will be responsible for the following:

  1. Risk Management
  • OSCE bases itself on the ISO 31000 standard. The incumbent will take a vertically integrated approach to risk management, on two levels: at the basic level, handling and interpreting risk-related information; providing risk assessments, whether qualitative or quantitative, on a variety of activities; collaborating with risk owners in the identification and assessment of emerging or current risks; preparing and compiling reports, summaries and presentations to communicate findings and providing advice to key stakeholders; and collaborating with stakeholders on reporting and evaluation techniques to support the updating of relevant information feeding OSCE’s risk exposure;
  • At a higher level, the incumbent is responsible for (re)designing and implementing risk methodologies that can help with better decision-making and better processes at different levels of the organization.

  2. Internal Control
  • Oversees the effectiveness of the internal control system and practices, particularly as regards OSCE’s Common Regulatory Management System (CRMS);
  • Whereas risk management monitors and assesses current and emerging risks, internal control co-ordinates the monitoring and reporting of risks by assessing the effectiveness of the internal controls put in place to bring the risk exposure to within acceptable levels. It does so by assessing, drafting and communicating policies, guidance and advice on internal controls, including the co-ordination and challenge of mandatory checks and verifications by risk owners;
  • Plays a major role in the annual Internal Control Walkthrough exercise, an important management tool that helps the OSCE provide reasonable assurance across the organization by integrating risk management and internal controls in each and every executive structure. The exercise aims at assessing and evaluating the efficiency and effectiveness of the OSCE’s control environment.

  3. Information Security
  • OSCE bases itself on the ISO 27001 standard. The incumbent manages OSCE-wide Information Security with the purpose of helping OSCE protect and manage the integrity, confidentiality and availability of information assets and information systems. The incumbent provides expert advice on information security to the Secretariat and Field Missions by establishing and reviewing a common information security vision, policy, objectives and principles across the OSCE; works with risk owners and executive management to help determine acceptable levels of risk for the OSCE; and is part of the collective arrangements for cyber security incident response, together with ICT;
  • Develops, maintains and publishes OSCE-wide information security guidelines and instructions as appropriate for its role;
  • Further, the incumbent designs and implements the programme of Information Security risk assessment, security assurance and security monitoring, acting as the focal point for the interpretation and monitoring of policies, norms and standards.

  4. Internal consultancy and advisory work
  • The Unit’s wide remit means that it engages in numerous cross-functional activities and consultations, to which it provides technical expertise and advice;
  • Chief among these activities is overseeing the Secretariat’s portfolio on Implementing Partners (IP), including providing advice and support on the compliance and administrative management of IPs to Programme and Project managers across the OSCE;
  • Is involved with colleagues in other activities such as liaising with internal and external auditors; the design, testing and use of models to automate tasks; the review, design and formalisation of processes, including visual aids; the design, organization and delivery of training; and the review of project proposals.

For more detailed information on the structure and work of the OSCE Secretariat, please see https://www.osce.org/secretariat

Necessary Qualifications:

  • Second-level university degree whose content, and the experience and skills it provides (as listed below), are relevant to the wide range, complexity and interdisciplinary character of the job. This includes, but is not limited to, degrees in: Business, Law, Finance, Economics, Physical Science, Life Science, Earth Science, Technology, Engineering, Computer Science, Mathematics, Political Science, History, Criminology; a first-level university degree in combination with two years of additional qualifying experience may be accepted in lieu of the second-level university degree;
  • A recognized professional qualification in the areas of banking (CFA, CPA, CBCA, MBA, CFSA or equivalent), finance (ACCA, CMA, CPA or equivalent), risk management (CRMA, FRM, CRCMP, ERMCP or equivalent), audit (CIA, CPA, CISA, CGAP or equivalent) or information technology (CISSP, CISM, CRISC or equivalent) will be considered an advantage;
  • At least five years of experience in relevant fields such as risk management, internal control, compliance, information security, audit, finance, banking, consultancy, law, or project management, with increasing responsibilities; experience in multiple areas is an advantage;
  • Experience in one or more international organizations, and/or one or more international private companies; experience in both international organizations and international companies will be considered an advantage;
  • Demonstrates the ability to use structured problem-solving, use logical reasoning, understand biases and see relevant information when making decisions or offering advice;
  • Demonstrates the ability to critically analyse complex issues, develop pragmatic plans, effectively prioritize tasks, communicate clearly with diverse audiences, and adapt creatively to changing circumstances;
  • Demonstrates experience in taking calculated risks, driving innovation, taking ownership of goals, and thriving in uncertainty;
  • Has excellent verbal and written communication skills in English, the main working language in the organization;
  • Knowledge of another official OSCE language, namely French, German, Italian, Spanish or Russian, will be considered an advantage;
  • Exhibits digital literacy and fluency, utilizes data analysis and computational thinking, understands digital systems including data and cybersecurity, and adapts technology to operational needs;
  • Has the ability and willingness to work as a member of a team, with people of different cultural and religious backgrounds, different genders and diverse political views, while maintaining impartiality and objectivity;
  • Has demonstrated gender awareness and sensitivity, and an ability to integrate a gender perspective into tasks and activities;
  • Possesses digital literacy and is proficient in the use of Microsoft Office (Outlook, Word, Excel and PowerPoint) and the internet.

Remuneration Package:

Monthly remuneration is around EUR 7,800, with the actual monthly salary depending on post adjustment and family status. OSCE salaries are exempt from taxation in Austria. Social benefits will include possibility of participation in the Cigna medical insurance scheme and the OSCE Provident Fund. Other allowances and benefits are similar to those offered under the United Nations Common System.

Please note that appointments are normally made at step 1 of the applicable OSCE salary scale.

If you wish to apply for this position, please use the OSCE's online application link found under https://vacancies.osce.org/.

The OSCE retains the discretion to re-advertise/re-post the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration.

Only those candidates who are selected to participate in the subsequent stages of recruitment will be contacted.

Candidates interviewed and found suitable in the recruitment process for this vacancy notice will be placed on a roster of suitable candidates (valid for three years) for fixed-term posts, should a suitable opportunity arise. The placement on a roster does not guarantee a future appointment or assignment.

Please note that vacancies in the OSCE are open for competition only amongst nationals of participating States, please see https://www.osce.org/participating-states.

The OSCE is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all religious, ethnic and social backgrounds to apply to become a part of the Organization.

Candidates should be aware that OSCE officials shall conduct themselves at all times in a manner befitting the status of an international civil servant. This includes avoiding any action which may adversely reflect on the integrity, independence and impartiality of their position and function as officials of the OSCE. The OSCE is committed to applying the highest ethical standards in carrying out its mandate. For more information on the values set out in OSCE Competency Model, please see https://jobs.osce.org/resources/document/our-competency-model.

The OSCE is a non-career organization committed to the principle of staff rotation, therefore the maximum period of service in this post is 7 years.

The mandatory retirement age at the OSCE is 65 years for contracted positions at the general service, professional and director level. The Organization shall apply an age limit of 63 years at the time of appointment as the incumbent selected is normally expected to carry out the contractual obligation of two years.

Please be aware that the OSCE does not request payment at any stage of the application and review process.

Additional Information

  • Issued by: OSCE Secretariat
  • Requisition ID: SEC000599
  • Contract Type: International Contracted
  • Grade: P3
  • Job Level: Professional
  • Job Type: Contracted
  • Number of posts: 1
  • Location: SEC - OSCE Secretariat, Vienna
  • Issue Date: Aug 22, 2024
  • Closing Date: Sep 19, 2024
  • Employee Status: Fixed Term
  • Schedule: Full-time
  • Education Level: Bachelor's Degree (First-level university degree or equivalent)
  • Job Field: Budget & Finance
  • Target Start Date: As soon as possible
Source: vacancies.osce.org