Category: ODG/OIO
Post title: Senior Information Systems & Confidentiality Auditor
Grade: P-4
Contract Type Fixed term
Job Summary
This position is part of the Office of Internal Oversight (OIO) which responsibility and key objectives are to ensure that transactions are in compliance with policies, regulations, rules and directives.
The primary responsibilities of the Senior Information Systems & Confidentiality Auditor are to ensure that OPCW's financial, physical and human resources are utilised efficiently and economically and that programmes and activities are consistent with the commitment set forth in the approved budget.
This position is also responsible for monitoring and assessing the implementation of the Confidentiality Regime and assisting in establishing, developing, and maintaining a Quality Assurance System in the Secretariat.
Main Responsibilities
As the Senior Information Systems & Confidentiality Auditor (P-4), you will be responsible for the following duties:
To audit, inspect and evaluate information systems, the implementation, the reliability, and integrity of the OPCW Confidentiality Regime and of its internal systems of security. This will include the following:
- Systems and process reviews – (audit and evaluation assignments which look at specific aspects of the working of Divisions/Branches primarily the Information Services Branch, Office of Confidentiality and Security, Verification Division, and the Inspectorate Division).
- (ii) Compliance reviews.
- (iii) Consultancy – (provision of advice on risk management and controls, with focus on confidentiality and systems)
- (iv) Investigations – (where confidentiality breaches or violation of the confidentiality procedures are suspected, supporting the Senior Internal Investigations Officer).
Undertake the IT Audits of the computerised systems of OPCW both on Security Critical Network as well as Security Non-Critical Network.
- Undertake audits pertaining to implementation of IT Governance and Business Continuity Planning.
- Undertake evaluations of OPCW exercises on Challenge Inspection and Investigations of Alleged Use.
- Develop audit plans and work programmes indicating the general objectives and the scope for the different assignments.
- Audit the implementation of the confidentiality regime for handling, storing, processing, and disseminating classified information (according to policies) in both hard copy and electronic form.
- Review the implementation of procedures related to the handling and storage of confidential information in the Security Non-Critical Area.
- Inspect, verify, and assess the reliability and integrity of the monitoring and control functions in the field of confidentiality.
- Assess the current working instructions and flow of work used by operational Divisions and Branches for confidentiality policy compliance and make recommendations to improve and streamline these procedures.
- Develop the annual audit plan, which is subject to review by the Director of the Office of Internal Oversight.
- Prepare the first draft of the OIO Annual Report under area of incumbency.
To report on the results of the audits, investigations, inspections, and evaluations carried out
- Draft reports and recommendations to be approved by the Director, Office of Internal Oversight; evaluate the comments of the auditees on the draft reports and prepare the final reports.
To follow up on the implementation of information systems, confidentiality, and security related recommendations
- Participate in quarterly follow up exercise of audit recommendations
- Monitor and assess on a continuous basis measures taken by auditees to implement recommendations
To provide advice to management in the areas of information systems, confidentiality, and security
- Attend Committee and Steering group meetings and write comments when required by management.
- Respond to ad hoc requests for advice on risks and internal controls in the areas of information systems, confidentiality, and information security.
Educational qualifications required for this post:
Essential:
- Advanced University Degree or equivalent in Auditing, Management, or Information Systems. A first level university degree in combination with qualifying experience (minimum 9 years) may be accepted in lieu of the advanced university degree.
- Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA) or equivalent certification.
Experience:
Essential:
- Seven years of progressive experience in relevant areas like IT Auditing, process reviews, performance auditing and handling of classified data. In case of a First University Degree, candidate should have nine years of relevant experience.
- IT Audit experience.
Desirable:
- Experience of auditing automated systems and ERP systems. Knowledge of Unit4 and IDEA.
Skills and Abilities (key competencies):
To succeed in this role, you will need the following skills and competencies:
- Displays knowledge and understanding of principles and methodologies governing audit and evaluation exercises within an international environment.
- Displays strong organisational and time management skills and understands the importance of adhering to strict deadlines.
- Shows excellent interpersonal skills and ability to interact with colleagues in other departments at all levels of the Organisation.
- Proven negotiation skills, and an ability to defend observations made and recommendations given, even when they differ with others.
- Displays flexibility, adaptability, and the capacity to work under pressure of high volume and under tight deadlines.
- Communicates clearly and convincingly; demonstrates strong oral and written communications skills. Is particularly able to draft clear and thorough reports within the parameters provided and to communicate complex matters in an understandable and succinct manner.
- Is detail oriented and shows commitment to correctness, accuracy, and quality in preparing internal audit reports, having regard to the applicable OPCW legal framework and standard operating procedures.
- Leads development of clear office strategy; anticipates and understands client needs, formulates clear strategic plans, prioritises workload, and allocates resources according to priorities.
- Shows tact, discretion, and ability to work harmoniously in a multi-cultural environment.
- Demonstrates understanding and competence on audit design, data collection and analysis.
- Computer literacy (MS Office software applications)
Language Requirements:
Language Requirements: Fluency in English is essential and a good working knowledge of one of the other official languages (Arabic, Chinese, French, Russian, and Spanish) is desirable.