INTERNATIONAL TELECOMMUNICATION UNION
ITU is the leading United Nations agency for information and communication technologies, with the mission to connect the world. To achieve this, ITU manages the radio-frequency spectrum and satellite orbits at the international level, works to improve communication infrastructure in the developing world, and establishes global standards that foster seamless interconnection of a vast range of communication systems.
ITU applies a zero-tolerance policy against all forms of harassment. ITU is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons with disabilities, to apply to become a part of the organization. Achieving gender balance is a high priority for ITU.
Head, Enterprise Risk and Internal Controls
Vacancy notice no: 2383
Sector: SG
Department:
Country of contract: Switzerland
Duty station: Geneva
Position number: SG15/P5/86
Grade: P5
Type of contract: Fixed-term
Duration of contract: 2 years with possibility of renewal
Recruitment open to: External
Application deadline (Midnight Geneva Time): 17 September 2026
ORGANIZATIONAL UNIT
The General Secretariat directs administrative, human and financial resources and activities of the Union, including the implementation of the provisions of the administrative regulations on operational questions, the dissemination of information on telecommunication/ICT matters for operational and other purposes, and the provision of legal advice to the whole of the Union. The General Secretariat coordinates the implementation of the Strategic Plan, monitors the telecommunication/ICT environment and recommends as needed action relating to the Union’s future policies and strategy. The General Secretariat ensures inter-sectoral coordination and cooperation to advance a whole of ITU approach (One-ITU) in headquarters and the field. The General Secretariat provides logistical and information technology support to the Union’s activities including conferences and global forums; the coordination of the work of the Union with the United Nations system, and other international organizations; and the engagement of the Member States, Sector Members, and Academia. The General Secretariat manages corporate governance, and strategic communications and relations with the media, different stakeholder groups as well as the general public.
The Head, Enterprise Risk and Internal Controls, is a senior, organization‑wide function responsible for the design, implementation, and continuous strengthening of ITU’s enterprise risk management, internal control and related second-line oversight frameworks. The post provides a second‑line challenge and coordination function and ensures that risk management is strategically positioned, fully integrated into corporate strategy, planning, major initiatives, and performance management, and aligned with leading international practices (COSO ERM 2017, ISO 31000). The role also supports coherent implementation of the Three Lines Model by clarifying roles and responsibilities, strengthening coordination among assurance functions, and reinforcing accountability, control effectiveness and risk-informed decision-making across the organization.
The position reports to the Secretary‑General and responds directly to the findings and recommendations of the EY Risk Management Maturity Assessment, which concluded that the risk function must be elevated in seniority, scope, authority, and organizational positioning.
- Own and oversee ITU’s enterprise risk management, internal controls and related second-line frameworks, policies, and methodologies, ensuring alignment with leading practices and ITU’s strategic and operational objectives and performance management processes.
- Provide second-line challenge, advice, and oversight, to managers and risk owners across all Bureaus and Departments, on the identification, assessment, mitigation, escalation and monitoring of strategic, operational, financial, fiduciary, technology, cyber, compliance and emerging risks -challenging assumptions related to major transformation initiatives, digital governance, and long-term financial sustainability, including ASHI liabilities and the implications of zero nominal growth.
- Own the ERM framework, the reporting approach and quality assurance of risk information, and oversee the enterprise risk profile, corporate risk register, risk taxonomy, risk-rating methodology, risk appetite-related parameters, ensuring consistency, quality, timely updates and effective escalation of material risks (while risk ownership remains with first-line managers in the Bureaux, Departments and operational units)
- Strengthen and coordinate the internal controls and compliance follow-up framework, as part of the overall Accountability Framework, including through ensuring up-to-date and monitoring of oversight recommendations through the Compliance Dashboard and supporting robust validation and challenge mechanisms for the Letter of Representation and Statement on Internal Controls processes.
- Coordinate risk interdependencies across the Three Lines model of the organization, working closely with the relevant assurance functions (including Oversight/Internal Audit/Evaluation, Ethics, Legal, Information Security and other relevant functions) in order to support coherent, non-duplicative coverage and effective escalation, ensuring an integrated assurance approach.
- Lead integration of risk considerations into strategic planning, operational planning, major initiatives, performance management and decision-support processes, including through horizon scanning, scenario analysis, and assessment of emerging risks and risk interdependencies.
- Prepare and present consolidated risk and control reporting to senior management and relevant Governing bodies, including any related risk management committees and other Executive forums, covering key exposures, trends, control effectiveness, mitigation progress and matters requiring management action or escalation.
- Promote a strong risk and internal control culture across the organization through role-based training, awareness initiatives, guidance and engagement with managers and staff to strengthen accountability and risk-informed decision-making.
- Serve as Secretary to the relevant risk management committee, preparing high‑quality materials and supporting the committee in fulfilling its governance, oversight, and advisory mandate.
- Perform any other related duties as necessary.
Applying Expertise; Effective Communication; Learning and Knowledge Sharing; Organizational Commitment; Results-Focused, and; Teamwork and Collaboration.
Analysis, Judgement and Decision Making
Client and Service Orientation
Innovation and Facilitating Change
Leadership
Networking and Building Partnerships
Planning and Organising
Successful Management
- Advanced knowledge of Enterprise Risk Management frameworks and standards (such as COSO ERM / ISO 31000).
- Strong analytical skills for enterprise risk assessment, including the application of scenario analysis, stress testing and key risk indicators.
- Strong knowledge of internal controls, accountability frameworks and second-line compliance monitoring mechanisms.
- Demonstrated ability to coordinate with assurance functions.
- Ability to oversee enterprise reporting, recommendation follow-up and governance reporting to senior management and committee.
Education:
Advanced university degree in Risk Management, Business Administration, Finance, Engineering, Telecommunications, or a related field OR education from a reputed college of advanced education with a diploma of equivalent standard to that of an advanced university degree in one of the fields above.
For internal candidates, a first university degree in one of the fields above in combination with fifteen years of qualifying experience may be accepted in lieu of an advanced university degree for promotion or rotation purposes.
Professional certifications such as IRM Diploma, ISO 31000 Lead Risk Manager, COSO ERM, CRMA or CERM are desirable.
Experience:
At least ten years of progressively responsible experience in enterprise risk management, internal controls, compliance monitoring and/or related second-line governance functions, including leadership of an ERM function or equivalent strategic oversight role, including at least five at the international level. A Doctorate in a related field can be considered as a substitute for three years of working experience.
Experience integrating risk management with strategy, planning, and performance management.
Experience supporting senior governance bodies and committees.
Experience in international or multilateral organizations would be an advantage.
Experience in fraud risk assessment would be an advantage.
Demonstrated experience integrating risk management into strategy, planning, performance management and decision-making processes.
Languages:
Knowledge of one of the six official languages of the Union (Arabic, Chinese, English, French, Russian, Spanish) at advanced level and knowledge of a second official language at intermediate level. Knowledge of a third official language would be an advantage. (Under the provisions of Resolution No. 626 of the Council, a relaxation of the language requirements may be authorized in the case of candidates from developing countries: when candidates from such countries possess a thorough knowledge of one of the official languages of the Union, their applications may be taken into consideration.)
Salary:
Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment (PA) (cost of living allowance).
The PA is variable and subject to change without notice in accordance with the rates set within the UN Common System for salaries and allowances.
Annual salary from $ 86,027 + post adjustment $ 77,854
Other allowances and benefits subject to specific terms of appointment, please refer to: What we offer
INFORMATION ON RECRUITMENT PROCESS
Please note that all candidates must complete an on-line application and provide complete and accurate information. To apply, please visit the ITU Careers website. The evaluation of candidates is based on the criteria in the vacancy notice, and may include tests and/or assessments, as well as a competency-based interview. ITU uses communication technologies such as video or teleconference, e-mail correspondence, etc. for the assessment and evaluation of candidates. Please note that only selected candidates will be further contacted and candidates in the final selection step will be subject to reference checks based on the information provided. Messages originating from a non ITU e-mail account - @itu.int - should be disregarded. ITU does not charge a fee at any stage of the recruitment process.