Artificial Intelligence and Cybersecurity Governance Framework and Adoption Consultant

Result of Service1. AI Governance Framework Document: Includes guiding principles, governance structure, RACI matrix, policies, risk framework, and continuous improvement plan. Updated policies, roles and responsibilities, and usage protocols. 2. Cybersecurity Governance Framework Document: Covers principles, 3 Lines of Defense model, RACI matrix, policies, risk criteria, incident response, and improvement plan. 3. AI Implementation Plan: Prioritized use cases, deployment roadmap, and process redesign recommendations. 4. Microsoft 365 AI Enablement Blueprint: Configuration guidance, Power Platform integration, and security controls. 5. Vendor Oversight Dashboard: Tracks consultant/vendor activities, risks, and alignment with governance. 6. Tooling and Monitoring Assessment Report: Evaluation of current tools, gap analysis, and recommendations. 7. Cybersecurity Alignment Report: AI-related cybersecurity risks, mitigations, and compliance checklist. 8. AI Adoption and Change Enablement Toolkit: Communication materials, use case playbooks, adoption roadmap, and success metrics. Training and Workshop Delivery: At least three hands-on sessions with supporting materials. Final Report and Sustainability Plan: Consolidated findings, lessons learned, and long-term governance roadmap. Work LocationNew York Expected duration6 months Duties and ResponsibilitiesThe United Nations Joint Staff Pension Fund (UNJSPF), through its Office of Investment Management (OIM), is undertaking a strategic initiative to define and institutionalize governance frameworks for Artificial Intelligence (AI) and Cybersecurity. These frameworks will support the responsible adoption of AI technologies, ensure alignment with UNJSPF’s data governance and risk management principles, and strengthen operational resilience. To facilitate this work, the individual Contractor is expected to be familiar with standard concepts, practices and procedures with both AI governance and Cybersecurity and can participate in all efforts to successfully develop an AI Governance framework. The duties and responsibilities of the consultant is as follows: 1. Define and Map Out AI Governance Framework Develop guiding principles for AI governance aligned with UN/OIM standards. Propose a governance structure with defined roles and responsibilities. Create a RACI matrix for AI implementation and oversight. Define policies and standards consistent with OIM’s data governance. Develop a risk management framework for AI. Outline a framework for continuous improvement and lifecycle governance. Develop or refine internal AI governance frameworks and policies. Align with UN/OIM principles on responsible AI, ethics, and digital trust. Promote internal protocols for transparency, accountability, and human oversight. 2. Define and Map Out Cybersecurity Risk Governance Framework Establish guiding principles for cybersecurity governance. Define governance structures and RACI matrices across the Three Lines of Defense: 1st Line: Operational Management; 2nd Line: Risk Management & Compliance; 3rd Line: Internal Audit. Align cybersecurity policies with OIM’s data governance. Define risk assessment criteria across the three lines. Develop an incident response and recovery framework. Propose a continuous improvement model for cybersecurity governance. 3. AI Readiness and Implementation Planning Identify and prioritize AI use cases relevant to OIM’s needs. Develop a detailed implementation plan with timelines and dependencies. Support process redesign to embed AI capabilities securely and effectively. 4. Microsoft 365 AI Enablement Guide configuration, rollout, and training for Microsoft Copilot and other AI features. Support integration with Power Platform tools (Power BI, Power Automate). Ensure data protection and access controls are in place for AI tools. 5. Vendor and Consultant Oversight Monitor and coordinate external consultants and vendors. Establish reporting and escalation mechanisms. Review alignment of vendor deliverables with governance and risk standards. 6. Tooling and Monitoring Capabilities Assess existing platforms (e.g., Microsoft Purview, Entra ID, Defender) for AI governance and adoption. Identify capability gaps and recommend enhancements. Support integration of governance tooling into workflows and reporting. 7. Cybersecurity and Data Protection Alignment Review cybersecurity implications of AI tools. Recommend configurations aligned with Zero-Trust architecture. Ensure compliance with legal, IT security, and data protection requirements. 8. Capacity Building and Change Management Deliver training sessions on AI literacy, responsible use, and integration. Facilitate workshops to build cross-functional understanding and readiness. Support leadership with change management planning for sustainable adoption. Qualifications/special skillsAn advanced university degree (Master’s degree or equivalent) in computer science, information systems, cybersecurity, data science, business administration, or a related field. A first-level university degree in combination with qualifying experience may be accepted in lieu of the advanced degree. A minimum of 15 years of progressively responsible experience in the areas of AI governance, cybersecurity governance, data strategy, or digital transformation. Experience with Microsoft 365 ecosystem, including Copilot, Purview, Entra ID, and Defender. Experience with Data governance tools and platforms. Experience with Risk assessment methodologies and incident response planning. Experience with delivering training and capacity-building workshops on AI and cybersecurity topics. LanguagesEnglish and French are the working languages of the United Nations Secretariat. For this position, fluency in English is required. Additional InformationNot available. No FeeTHE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.