Principal Information Technology Specialist (Governance, Risk, and Compliance)

Reference #: ADB-HR-13-0297
Position Title: Principal Information Technology Specialist (Governance, Risk, and Compliance)
Department: Office of Information Systems and Technology
Division: Office of the Principal Director, OIST
Location: Manila, Philippines
Recruitment Type: International

Closing Date: 7 June 2013, 5:00 p.m. (1700 Manila Time, 0900 GMT)

Job Purpose:

Provide expert guidance in the fields of IT Governance, Risk and Compliance (GRC). Promote and support a culture of compliance, risk avoidance/mitigation, and accountability throughout the organization. Identify opportunities to build GRC programs into the daily operations of the Office.
Support Advisor, OIST and Head, IT Governance and Portfolio Management Unit in integrating GRC functions with Portfolio Management activities to ensure efficiency and effectiveness in the use of resources and adherence to processes and procedures. Coordinate the internal IT Audit activities of the Office and work within a framework of broad policies, principles and goals, applying a high degree of autonomy in selection of work methods.

Expected Outcomes

  1. IT Governance
- Promote good IT governance principles and processes across all IT functional areas.
- Consolidate, improve, and standardize IT process governance requirements, mechanisms, and methodology.
- Design and implement mechanisms to improve and monitor IT controls in OIST and in ADB; periodically review and evaluate IT governance practices and associated monitoring and reporting systems to ensure that OIST management receives sufficient and timely information about IT performance for appropriate decision making.
- Work closely with OITD to define and streamline all governance frameworks under one harmonious system.
- Ensure that OIST regulations, standards, procedures and processes are developed, approved, implemented and maintained to support and adhere to attestation and comply with regulatory and legal requirements.
- Conduct advisory reviews on IT processes and internal controls procedures to assess control effectiveness and propose remediation steps where needed.

- Work with Controller’s Department, Office of Risk Management, Treasury Department, Office of the Auditor General and other relevant ADB departments to maintain a cohesive governance, risk, and compliance strategy and implementation plan.
- Plan, strategize and implement Governance, Risk and Compliance (GRC) awareness and communications programs in OIST and other relevant departments. This includes: (i) promoting assurance initiatives; (ii) heightened awareness of IT General Controls, IT Infrastructure Library (ITIL), IT Security; and (iii) understanding of new and existing regulations and processes.
- Lead in the development and implementation of tools, training programs, policies, and procedures to support GRC activities.
  2. Risk
- Promote Risk Management culture in OIST.
- Lead the development and maintenance of a framework that defines the OIST overall approach to IT risk and control that aligns with the IT policy, control environment, and ADB risk control frameworks.
- Define OIST’s overall approach to IT risk and control and strengthen sustainability of internal control reviews.
- Serve as the point of contact for risk management in OIST and channel communications received from internal/external parties to the appropriate resources.
- Conduct the annual IT risk assessment in OIST.
- Implement and maintain a mechanism to monitor risk response activities in OIST, and report to management regularly.
  3. Compliance
- Evaluate management practices to ensure compliance with the organization’s IT strategy, policies, standards, and procedures.
- Manage the OIST team that conducts the annual Assertion & Attestation exercise for ADB.
- Oversee and guide the implementation of health check reviews on selected IT projects and programs and creation of project score cards.
- Lead independent verification and validation reviews on IT projects to ensure compliance with OIST’s Project Management Framework (PMF) and the System Development Lifecycle (SDLC) and identify points for improvements on both the development process and the output system.
- Serve as the point of contact for compliance issues and channel communications received from internal/external audits to the appropriate resources for investigation and resolution.
- Work closely with other groups in OIST to ensure that all internal controls are developed and complied with in alignment to ADB’s overall objectives.
  4. Staff Supervision
- Create and lead multidisciplinary teams and ensure the overall quality of its work.
- Supervise the performance of team and individuals, providing clear direction and regular monitoring and feedback on performance.
- Provide coaching and mentoring to team and individuals and ensure their ongoing learning and development.

Core Competencies:

Application of Technical Knowledge and Skills
  • Provides supervision to others in completing their technical tasks
  • Called upon for advice and guidance based on expertise gained by working in different countries and organizations
  • Contributes advanced knowledge and expertise to different parts of the Department
Client Orientation
  • Proposes effective services and solutions to staff beyond presenting issues and past challenges
  • Assists colleagues in adapting to the cultural and business norms of diverse clients and country situations
  • Gains respect for the breadth and depth of expertise demonstrated in effectively managing diverse clients and country situations
  • Called upon to resolve client situations that may impact their long-term ADB relationship
Achieving Results and Problem Solving
  • Resolves situations where client needs are not being met
  • Shares past experiences from different projects, organizations, and countries to help achieve quality results
  • Ensures that thorough analysis includes current and relevant factors from different countries and contexts
  • Sought out for guidance and experience in overcoming the most challenging situations
  • Draws on long-term relationships with stakeholders to help plan for and achieve results
Working Together
  • Addresses team members not contributing to required standards
  • Commits to delivering timely and high quality work to assist in the team’s success
  • Develops and maintains good internal and external peer and senior level relationships
  • Helps teams understand common features to build rapport and overcome challenges
Communication and Knowledge Sharing
  • Provides stakeholders with the level and quality of information required to achieve outcomes
  • Encourages others to seek long-term solutions to address feedback as opposed to focusing on immediate concerns or reactions
  • Uses breadth of multi-country and multi-client knowledge to equip clients and staff for more effective outcomes
  • Designs and implements project and program knowledge and services
Innovation and Change
  • Consistently seeks more effective and practical ways for the Departmental delivery of services, products, and processes
  • Proposes new ways to improve the quality and relevance of products and services
  • Includes the core benefits and reasons for change when developing comprehensive change roll out plans
  • Influences and persuades decision makers by presenting business cases supporting the proposed changes

Educational Requirements:

Master's Degree, or equivalent, in Information Technology, Computer Science, Management, Audit, Engineering, or related fields. University degree in Information Technology, Computer Science, Management, Audit, Engineering, or related fields combined with specialized experience in similar organization/s, may be considered in lieu of a Master’s degree.

Relevant Experience And Other Requirements:

- Suitability to undertake the responsibilities mentioned above at the required level
- At least 12 years of experience in the area of IT Assurance in broad areas of IT including, but not limited to, IT Governance, IT Audits, IT Process Quality, and Service Quality.
- Experience in handling audits, attestations, and internal control procedures is highly desirable.
- Knowledge of IT governance frameworks such as Control Objectives for Information and Related Technology (COBIT), IT Infrastructure Library (ITIL), Project Management Body of Knowledge (PMBOK), PRINCE 2 or Risk Management is required.
- Experience in IT project management and Software Development Life Cycle (SDLC) process quality assurance or software quality management is required.
- Certification related to Project and Portfolio Management and Information Systems Audit, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), or equivalent is highly preferred.
- Experience and certification in IT development processes such as Capability Maturity Model (CMM) and ITIL are highly desirable.

Immediate Reporting Relationships / Other Information:

The position reports to: Advisor, OIST and Head, IT Governance and Portfolio Management Unit, OIST.