Choose your language:

Organizational Business Risk Manager

ITU Genf Full-time

The General Secretariat directs all the administrative and financial aspects of the Union’s activities, including the implementation of the provisions of the administrative regulations on operational questions, the dissemination of information on telecommunication matters for operational and other purposes, the provision of legal advice to the Bureaux of the Union and the departments of the General Secretariat, logistic support to the Union’s activities including conferences, the coordination of the work of the Union with other international organizations, the dissemination of information to the Member States and Sector Members, press, corporate and individual users of telecommunications and the general public. The General Secretariat is also responsible for the organization of world telecommunication exhibitions and forums.

Organization Unit: 

Within the General Secretariat, the Information Services Department (IS) is the focal point for the ITU information technology services, managing ERP, CRM, documents, information systems and infrastructure, service-desk, library, archives and information management services, safety and security (both physical and logical), to support staff both at Headquarters and in the Field, as well as delegates attending conferences, meetings and events world-wide. It also promotes ICT collaboration, partnerships and information-sharing and represents ITU in inter-organization meetings and committees related to information technology and security management.

Duties / Responsibilities

Under the supervision of the Head, Safety & Security Division (SSD), and in close collaboration with the Organizational Resilience Management System (ORMS) Coordinator and ICT Business Continuity/Disaster Recovery Manager, the incumbent will perform the following duties:

  • Manage, develop, revise, and update risk management related policies, frameworks, appetite statements, protocols, registers, guidance, manuals, or tools for identifying, assessing, monitoring, and reporting on ITU’s risk exposures, including those related with BC and CM, as well as escalation procedures for risks exceeding appetites to ITU’s Senior Management Team.
  • Liaise with and provide specialized advice and support to ITU’s sectors, departments, divisions, or units as well as other internal and external stakeholders, in discharging risk management responsibilities for their respective areas of activities.
  • Manage and support enterprise risk management and control frameworks as a key component of ITU’s accountability and transparency framework, in line with the three lines of defense model for roles and responsibilities for risk and appetite measures.
  • Contribute to ITU’s ORMS by monitoring and assessing potential threats to ITUs’ critical activities, and, where warranted, providing specialized advice, and recommending updates to the Activity Recovery Plans (ARPs), based on a Strategic Business Impact Analysis (SBIA) BIA. Conduct reviews of the adequacy and robustness of controls to respond and mitigate those risks and, where appropriate, identify, design, implement, or recommend compliance measures to ensure that risk exposures remain within appetite, address single points of failure, increase resiliency, or improve the effectiveness of crisis response, business continuity and recovery activities.
  • Keep abreast of new development and consolidate best practices in risk management across the organization, as well as compliance, and organizational resilience, and drive change to ensure continuous improvement. Lead the efforts to embed and foster a risk awareness culture throughout the organization.
  • Support ITU’s focal point and provide specialized advice for best practice sharing on enterprise risk management, at the inter-agency level, and support the interface with the third line of defense on the corporate implementation of risk management. Support the Secretary-General with responses to any scrutiny, concerning risk management from external parties, including the Internal and External Auditor, and the Joint Inspection Unit as required.
  • Support the Secretary-General in the maintenance of the ITU Corporate Risk Register by providing the risk components.
  • Support the Secretary-General in the definition and review of the ITU Risk Management Policy.
  • Liaise with Information Services Department, business managers and business IT specialists and coordinate with the ICT Business Continuity/Disaster Recovery Manager to assist in maintaining the IT Disaster Recovery (ITDR) policy and plan while collaboratively adapting internal risk frameworks to deliver in the most cost- effective way.
  • Perform other related duties as assigned.
  • Core Competencies: Applying Expertise; Effective Communication; Learning and Knowledge Sharing; Organizational Commitment; Results-Focused, and; Teamwork and Collaboration.
  • Essential Functional Competencies: Analysis, Judgement and Decision Making; Client and Service Orientation; Innovation and Facilitating Change; Planning and Organizing, and; Successful Management.
  • Essential Technical Competencies: Sound understanding of threat and risk management and business continuity methodologies and best practice; Knowledge and understanding of organizational critical processes and activities. Strong internal control system assessment skills. Ability to develop, revise and update policies, protocols, and guidance. Readiness to provide internal awareness, training, advice, and support related to enterprise risk management and the ORMS.
Qualifications required
  • Advanced university degree in political science, international relations, law, finance, business/public administration, crisis management, military affairs, insurance, or a related field OR education from a reputed college of advanced education with a diploma of equivalent standard to that of an advanced university degree in one of the fields above.
  • For internal candidates, a first university degree in one of the fields above in combination with ten years of qualifying experience may be accepted in lieu of an advanced university degree for promotion or rotation purposes.
  • Highly desirable internationally recognized certifications would be those in risk management, business continuity, and audit.

To apply for this job please visit