Chief, Risk Management, Compliance and Information Security (P4)

  • Added Date: Tuesday, 09 May 2023

Background:

The OSCE has a comprehensive approach to security that encompasses politico-military, economic and environmental, and human aspects. It therefore addresses a wide range of security-related concerns, including arms control, confidence- and security-building measures, human rights, combating human trafficking, national minorities, democratization, policing strategies, counter-terrorism and economic and environmental activities. All 57 participating States enjoy equal status, and decisions are taken by consensus on a politically, but not legally binding basis.

The OSCE Secretariat in Vienna assists the Chairpersonship in its activities, and provides operational and administrative support to the field operations, and, as appropriate, to other institutions.

The Department of Management and Finance (DMF) is responsible for managing the material and financial resources of the Organization. The objective of DMF is to provide efficient and effective management of non-staff resources in support of OSCE programmatic activities. It provides policy guidance on the management of financial and material resources and develops and maintains the OSCE Financial Regulations and Financial/Administrative Instructions. DMF consists of Budget and Finance Services, Mission Support Services, Information and Communication Technology Services and the Risk Management, Compliance and Information Security Unit.

The Risk Management, Compliance and Information Security (RCIS) Unit, in the Office of the Director, performs a diverse set of OSCE-wide compliance-related functions. In addition to overseeing the Organization's Risk Management Framework, co-ordinating the Internal Control system, and supporting Information Security, the Unit manages the Secretariat Implementing Partner portfolio, OSCE-wide Data Privacy, and advises senior management on related activities.

Tasks and Responsibilities:

As Chief, Risk Management, Compliance and Information Security, you will report to the Director for Management and Finance and will supervise a team of three. More specifically, you will be responsible for the following:

1. Risk Management and Compliance/Internal Controls

  • Together with senior management, developing and formalising a risk management strategy that aligns with the Organization's overall political strategy, objectives and outcomes;
  • Helping senior and middle managers to adapt to strategic changes in their operations based on existing or emerging risks and to determine acceptable levels of risks;
  • In collaboration with relevant departments at the Secretariat, creating comprehensive risk assessments of the organization's activities, identifying potential risks and mitigation strategies as well as monitoring risk levels over time;
  • Making recommendations to adequately protect the organization against excessive risks that could impair the functioning of the organization;
  • Analysing data and making recommendations on emerging risks that could impair diplomatic efforts, such as cyber risks;
  • Providing guidance, including workshops and training, to risk owners at the Secretariat and other executive structures about how to manage risks;
  • In the long term, helping senior management establish a culture of risk awareness among employees so that they are aware of any emerging risk that can be effectively dealt with at an early stage;
  • Promulgating OSCE-wide guidance and advice on internal controls, including conduct of mandatory checks and verifications;
  • Implementing relevant internal controls such as policies, procedures, walkthroughs and training to ensure that they are aligned with senior management's risk appetite and strategy.

2. Information Security

  • Managing the provision of expert advice on information security and related risks and ensuring the common information security policy, vision, objectives and principles across the OSCE;
  • Protecting and managing the integrity, confidentiality and availability of information assets and information systems, as well as personal data;
  • Acting as a focal point for information security and managing and overseeing the top information security related risks, managing the development of information classification, implementation of information security ISO standards, cyber incident response arrangements, including that of business continuity and disaster recovery;
  • Guiding the utilization of common management tools and overseeing all common information security investments.

3. Implementing Partner Management

Overseeing the Secretariat Implementing Partner (IP) portfolio, including providing advice/support on compliance and administrative management of IPs to Programme and Project managers across the OSCE.

4. Data Privacy

  • Promulgating relevant policy and providing guidance and advice OSCE-wide on developments and practices in personal data privacy and protection;
  • Overseeing and steering the implementation of relevant policies and practices in line with international requirements, best practices and in compliance with EU pillar assessment results on data privacy in consultation with key stakeholders;
  • Overseeing the establishment and steering of a network of data protection focal points across all executive structures;
  • Performing other tasks such as handling of various compliance-related inquiries and providing advice, processing modifications and enhancements, co-ordinating DMF-related audit recommendation follow-up, issuing of statistical reports, etc.

For more detailed information on the structure and work of the OSCE Secretariat, please see https://www.osce.org/secretariat


Necessary Qualifications:

  • Second-level university degree in public/business administration, management, economics, finance, or related field; a first-level university degree in combination with two years of additional qualifying experience may be accepted in lieu of the second-level university degree;
  • At least 8 years of relevant professional experience in the field of risk management, compliance, financial management, or audit;
  • Experience in a large public sector organization, preferably an international organization;
  • Experience developing and maintaining Enterprise Risk Management Systems and knowledge of risk management principles and techniques, such as ISO3100;
  • Experience with Information Systems and Information Security and knowledge of practical application of ISO27001 on Information Security Management;
  • Experience formulating policy, plans and procedures and advising management on them;
  • Ability to effectively communicate complex technical information and concepts at all levels, particularly advising senior managers with non-technical expertise;
  • The ability to collaborate with management to jointly develop effective strategies for managing the risks to the organization;
  • Experience organizing and delegating work and supervising staff;
  • Excellent oral and written communication skills in the English language;
  • Effective interpersonal skills, able to influence effectively and build partnerships and consensus, in teams and with stakeholders;
  • Demonstrated gender awareness and sensitivity, and an ability to integrate a gender perspective into tasks and activities;
  • Ability and willingness to work as a member of a team, with people of different cultural and religious backgrounds, different gender, and diverse political views, while maintaining impartiality and objectivity;
  • Computer literate with practical experience using Microsoft applications.

Remuneration Package:

Monthly remuneration is around EUR 8,800, with the actual monthly salary depending on post adjustment and family status. OSCE salaries are exempt from taxation in Austria. Social benefits will include the possibility of participation in the Cigna medical insurance scheme and the OSCE Provident Fund. Other allowances and benefits are similar to those offered under the United Nations Common System.

Please note that appointments are normally made at step 1 of the applicable OSCE salary scale.


If you wish to apply for this position, please use the OSCE's online application link found under https://vacancies.osce.org/.

The OSCE retains the discretion to re-advertise/re-post the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration.

Only those candidates who are selected to participate in the subsequent stages of recruitment will be contacted.

Please note that vacancies in the OSCE are open for competition only amongst nationals of participating States; please see https://www.osce.org/participating-states.

The OSCE is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all religious, ethnic and social backgrounds to apply to become a part of the Organization.

Candidates should be aware that OSCE officials shall conduct themselves at all times in a manner befitting the status of an international civil servant. This includes avoiding any action which may adversely reflect on the integrity, independence and impartiality of their position and function as officials of the OSCE. The OSCE is committed to applying the highest ethical standards in carrying out its mandate. For more information on the values set out in OSCE Competency Model, please see https://jobs.osce.org/resources/document/our-competency-model.

The OSCE is a non-career organization committed to the principle of staff rotation, therefore the maximum period of service in this post is 7 years.

Please be aware that the OSCE does not request payment at any stage of the application and review process.

Additional Information:

  • Issued by: OSCE Secretariat
  • Requisition ID: SEC000208
  • Contract Type: International Contracted
  • Grade: P4
  • Job Level: Senior Professional
  • Job Type: Contracted
  • Number of posts: 1
  • Location: SEC - OSCE Secretariat, Vienna
  • Issue Date: May 9, 2023
  • Closing Date: May 30, 2023
  • Employee Status: Fixed Term
  • Schedule: Full-time
  • Education Level: Master's Degree (Second-level university degree or equivalent)
  • Target Start Date: As soon as possible
