Risk and Assurance Manager

What we do

The International Committee of the Red Cross (ICRC) works worldwide to provide protection and humanitarian assistance to people affected by conflict and armed violence. We take action in response to emergencies and, at the same time, promote respect for international humanitarian law. We are an independent and neutral organization, and our mandate stems essentially from the Geneva Conventions of 1949. We work closely with National Red Cross and Red Crescent Societies and with their International Federation in order to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. We direct and coordinate the international activities conducted in these situations.

Purpose of the position

The Support and Digital Transformation (SDT) department’s primary focus is to ensure robust support to programs and operations by effectively delivering on various services; information and data, delivery of goods and services, financials, the provision of Shared Services and driving ICRC digital transformation. The synergies derived from the combined support functions provides an opportunity for the expansion of the scope of simplification of end-to-end processes and the strengthening of ICRC’s backbone.

​Reporting to the Operating Manager, the Risk and Assurance Manager is responsible for coordinating all risk and assurance activities within the SDT. The specialist provides expertise and support to the management and staff of the Technology and Information (T & I) and Digital Transformation and Data (DTD) divisions in the design, implementation, and monitoring of effective risk management practices, including with risk-based internal controls.

Accountabilities and Functional responsibilities (1/2)

• Supports management of T & I and DTD Divisions on the identification, analysis, and evaluation of key risks in line with acceptable risk criteria.
• Ensures that clear ownership of key risks is assigned with actionable mitigation plans, regularly following up on progress and facilitates coordination among all relevant stakeholders.
• Ensures that both the departmental and divisional risk registers are up to date and accessible to all risk owners.
• Provides consolidated risk analyses and reports to the SDT Management and contributes to organizational reporting on risk and assurance activities led by the Ethics, Risk and Compliance Office and escalates significant risks (including control weaknesses) as necessary.
• Promotes a risk-aware mindset through the provision of guidance, communication, support and training to managers, staff and key stakeholders, to equip them to fulfil their responsibilities in the management of key risks and implementation of adequate controls.
• Supports the identification of key business processes in T & I and DTD_Data and guides prioritization for their review and documentation with business-process owners. Ensures key business-process maps, risk and control documentation is complete and up to date in ICRC’s enterprise architecture tool.

Accountabilities and Functional responsibilities (2/2)

• Conducts field visits to understand the context and assesses the effectiveness of risk-mitigation measures; advises delegation managers and staff on improving risk-management practices and controls. Challenges the effectiveness of risk-management practices and recommends process improvements and automation to make internal controls more effective and efficient
• Acts as a key contact for the Control Testing and Monitoring Unit, external and internal auditors, and other assurance providers for T & I and DTD
• Coordinates internal and external audit engagements and other similar assurance activities and provides support to T & I and DTD Management in the development of effective action plans to address internal control weaknesses
• Follows up on all outstanding audit points raised in Internal audit reports, management letters and other assurance reports to ensure that all committed action points have been implemented
• Collaborates with other risk and assurance functions and relevant internal stakeholders to share best practices and knowledge, identify potential synergies to address cross-cutting risks and issues, and work on global initiatives to improve risk-management practices and the internal control system

Desired profile and skills

• Highly developed cultural awareness, ability to work well in a diverse, international environment and to build strong, inclusive global networks. Strong motivation to support the ICRC's diversity and inclusion ambitions.
• Ability to investigate, analyze and contextualize issues, identifying key points to be addressed and simple plans to resolve problems.
• Excellent attention to detail and the ability to plan and follow tasks and ideas through to completion.
• Ability to work in a fast-paced environment, adapt work plans, manage competing priorities and meet deadlines. 
• Strong capacity and interest in relationship building at every level of the organization and in delivering with others.
• Highly resilient and comfortable with change while operating under your own initiative and at pace.
• Excellent interpersonal skills, including influencing and negotiation.

Education required

• Master’s degree in Business Administration, IT or other similar degree is compulsory
• Certification in Risk Management (e.g., Certification in Risk Management Assurance (CRMA), Certified in Risk and Information Systems Control (CRISC)) and/ or other similar qualifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), or equivalent practical experience.
• Certification in project management or equivalent practical experience is an asset.
• Certification in process design and re-engineering (e.g., Lean Six Sigma), or equivalent on-the-ground experience is an asset.
• Computer proficiency; knowledge of computer-assisted audit techniques (CAATs), e.g., Erwin, IDEA software, an added advantage is an asset.
• Fluency in verbal and written English is required and knowledge of French and/or other language is an asset

Professional Experience required

• Eight to twelve years of overall professional experience is required
• Five to ten years of work experience, in risk management, compliance or audit role is required
• Two to five years of work experience, in the humanitarian sector or with a recognized international organization (ICRC experience a plus)

Relationships

• Internally, interacts with other risk and assurance teams, division/department managers and staff, business-process owners, the control, testing and monitoring team, the Ethics, Risk and Compliance Office, the Internal Audit Unit and Legal Counsel.
• Externally, may interact with donors and external auditors and other assurance players.

Additional information

• Type of role: Headquarters
• Working rate: 100%
• Starting date: ASAP
• Location: Geneva
• Job level: C2
• Length of assignment: until 31st May 2028 
• Type of position: Long-Term Assignment 
• Application deadline: Sunday, 8th Dec 2024
   

The ICRC values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates.