Internal Audit Manager (Outsourced and Co-sourced Internal Audit Services), P-4, TA, Office of Internal Audit and Investigations (OIAI)

Key Accountabilities
ICT Audit Strategy and Plan:

Develop and update OIAI’s ICT audit strategy and plan, ensuring that these focus on significant risks and there is strong business case for the Deputy/Director of OIAI to identify and allocate the require resources to execute the plan and strategy.
Develop and maintain a pool/roster of subject matter experts (both external and internal to UNICEF) to support the execution of OIAI ICT audit strategy and plan.
Develop tools and guidance that would be used by OIAI staff to assess ICT-related risks of their respective engagements as well as obtain adequate assurance on the design adequacy and operating effectiveness of ICT controls.
Manage ICT audits in highly technical areas of current/emerging technologies, including artificial intelligence, technology for development initiatives, various cloud environments, IT service operation, IT infrastructure, cybersecurity, privacy, and related processes.

Vendor Selection:

Under the supervision and guidance of Chief Audit, the Manager of Out/Co-source Internal Audit Services will:
Develop Terms of Reference (ToR) or tasks orders that would be used to hire subject matter experts.
Obtain and process OIAI staff input pertaining to ToRs.
Promptly process Supply Division’s queries on ToRs that OIAI provides to them.
Work closely with OIAI Administrative Unit to ensure ToRs are promptly provided to the Supply Division and the Supply Division promptly issues requests for proposals (RFPs) accurately reflecting contents of the ToRs.
Promptly process and address queries from potential vendors in respect of the RFP.
Lead technical evaluations of bids, develop drafts of technical evaluation reports, process inputs from evaluation team members and provide the report to the Supply Division.
Based on the results of technical and financial evaluations of bids, advice the Deputy/Director of OIAI on the suitable vendors to select.
Work with the Supply Division and the Legal Office to process waivers requests and amicably resolve matters raised by potential awardees in respect of any general terms and conditions of UNICEF contracts.

Engagement and Vendor Management

The Manager of Out/Co-source Internal Audit Services will facilitate, oversee, and coordinate execution of ICT engagements by consultants hired by OIAI, ensuring that:
The consultants are adequately briefed about relevant UNICEF structures, strategic objectives and priorities, initiatives, operations, etc. before they direct begin to directly engage auditees to manage risk of audit fatigue and build rapport and increase the likelihood of a productive working relationship with the auditee.
The consultants have prompt access to relevant auditees’ staff, documents, and systems.
UNICEF-unique contexts are accurately considered in planning, executing, and reporting in respect of the out/co-sourced engagement.
Relevant OIAI standards and procedures and/or relevant professional standards are adhered to.
Auditees and OIAI’s views are appropriately reflected in the planning, execution and reporting in respect of the out/co-sourced engagement.
The consultant’s engagement scope, objectives are aligned with the relevant ToR or task order and proposed methodology and approach support achievement of the engagement objectives.
The consultant maintains accurate records of meetings and other interactions with auditee by participating in key meetings that they have with auditees.
Milestones in the engagement plan approved by OIAI are effectively monitored to increase scope for their achievement.
OIAI reporting format and templates are utilized.
The performance of the consultants is effectively monitored and evaluated in compliance with relevant UNICEF policies and procedures.

Engagement Workpapers and Monitoring of Actions

The Manager of Out/Co-source Internal Audit Services will ensure:
Working papers of the consultants are uploaded in OIAI Audit Management System, TeamMate+ and cross-referenced to engagement report.
Agreed actions and recommendations are accurately recorded in OIAI Audit Management System, TeamMate+.
Implementation of agreed actions and recommendations are promptly monitored, evidence of implementation provided by auditees is evaluated and OIAI Audit Management System, TeamMate+ is promptly and accurately updated in respect of the implementation status of the recommendations.   
Innovation, Knowledge Management and Capacity Development
Contribute to OIAI’s risk-based work planning activities, development of professional internal audit policies, procedures, and change initiatives.
Participate in professional development activities, and other activities as required.

 To qualify as an advocate for every child you will have…

An advanced university degree (Master’s degree or equivalent) in business administration, finance, economics, accounting, risk management, information technology, or another related field is required. Certification as a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Chartered Accountant (CA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP) or equivalent may be accepted in lieu of an advanced university degree.
At least eight years of progressively responsible relevant professional experience in internal, external auditing, ICT auditing, or managing the development, rollout, and support of ICT services is required.
Fluency in English is required. A working knowledge of another UN language is an advantage.
Ability to navigate through a complex ICT landscape and assess key ICT risks is required.
Experience in developing and executing ICT audit strategy is required.
Good relationship management skills – managing relationships with vendors is required.
Broad based ICT audit technical skill sets is required (e.g., IT Governance, staffing and operational structure, software development and deployment, artificial intelligence, technology for development initiatives, good knowledge of cloud environments such as Azure or AWS, IT service operations, Response and Recovery mechanisms, IT infrastructure, cybersecurity, privacy, and related processes.)
Good knowledge of commonly used ICT audit frameworks and methodologies (e.g., COBIT, NIST, ISO 27001, ITIL etc.) is required.
High level of proficiency and good experience in managing ICT audits and assessing ICT risks is required.
Good experience managing ICT audit consultants, vendors and staff is required.
Experience in managing the development, rollout, and support of ICT services is desirable.
IT project management experience is an asset.
Relevant ICT experience obtained by working in development financial institutions and/or the United Nations System is highly desirable.

Apply via :

jobs.unicef.org