Director, Enterprise Risk Management & Compliance

The Director of Risk & Compliance supports RFE/RL’s risk management system to continuously improve and mature the organization’s financial and regulatory compliance policies and controls and its adherence to them. The role’s primary objective is to ensure effective compliance, process, and reporting controls to protect the organization against fraud, abuse, unethical, and illegal conduct and associated financial loss. The position requires an independent, articulate, and process-oriented professional to further mature and improve RFE/RL’s risk management controls.

The Director of Risk and Compliance acts under the auspices and authority of the Vice President and Chief Financial Officer (CFO), who has a fiduciary responsibility to ensure a strong assurance and compliance function. The Director of Risk and Compliance thus has the authority and responsibility to assess and implement a strong assurance and compliance program within the scope of those fiduciary responsibilities.

The position reports functionally to the VP & CFO and operationally to the Comptroller. As such, the CFO sets strategic goals and the Comptroller sets tactical goals and approves the Director’s proposed action plans. The Comptroller prepares the Director’s performance review with input from the CFO.

The Director of Risk & Compliance is accountable to the CFO and the Comptroller for R&C’s organization, function, and performance. Accountability means undertaking and fulfilling the responsibilities listed below, whether or not delegated, in a manner that (a) is consistent with RFE/RL’s ethical principles set out below and (b) advances (i) R&C’s mission, in general, and (ii) the goals and objectives set out in R&C’s annual plan, in particular.

ROLE & RESPONSIBILITIES:

• Evaluate RFE/RL’s compliance and regulatory control processes to determine maturity and effectiveness and ensure that organizational risks are appropriately identified and managed.
• Evaluate policies, procedures, and governance processes to assess compliance with laws, standards, and regulations; effectiveness of controls; and efficiency of operations
  • Based on those findings, recommend relevant control, process, and procedure improvements.
• In conjunction with the Comptroller, develop and execute a flexible annual R&C plan to test adherence to internal controls; RFE/RL policies; U.S. Government rules, regulations, and policies, including the Uniform Guidance; all U.S., Czech, and local legal and regulatory requirements that encompasses, but is not limited to, the following:
  • A detailed audit methodology in alignment with  RFE/RL compliance and regulatory risk priorities and, as appropriate and applicable, industry best practices.
  • A pragmatic audit schedule to identify compliance status and process maturity.
  • Written internal audit reports with particular emphasis on financial and management accounting controls.
  • Written internal policy and procedure recommendations.
  • A system for logging, rating, and tracking instances of weakness or non-compliance.
  • Provision for an annual report for the CFO and the Comptroller on the effectiveness and accomplishments of that annual R&C plan.
• Report significant findings to senior management and make recommendations for improvements related to non-compliance, risks, controls, efficiencies, and ethics standards.
  • Track the adequacy and effectiveness of corrective actions taken and report results to senior management
• Cooperate with external auditors to provide internal control and compliance support documentation.
• Participate in document reviews as needed to assess for policy compliance and corporate risk.
• Participate in the annual strategic planning process to the extent necessary and appropriate to identify business risks that derive from the corporation’s strategic goals and action plans.
• Evaluate and respond to allegations of non-compliance within RFE/RL, including, in coordination with the General Counsel, ethics violations.
• Act as the CFO’s and Comptroller’s representative to RFE/RL’s Executive Security Forum for the purpose of reporting internal compliance activities and status reports and otherwise actively participate and support RFE/RL’s Executive Security Forum to institute mature and improved governance and risk management processes and procedures.
• Liaise with the Manager, IT Security Compliance, including collaborating on joint efforts to ensure compliance with RFE/RL’s policies and procedures as necessary and appropriate.
• Support the CFO on reporting compliance activities to the President and Board of Directors.
• Support any necessary financial, compliance, risk management or internal financial investigations as required in coordination with the General Counsel, USAGM or other institutions.
• Partner with management in other RFE/RL divisions and departments to improve operations, processes, and compliance across the organization. 
• With approval of the CFO, obtain and direct any external service providers as necessary in the fulfillment of these responsibilities.
• Update job knowledge by participating in educational opportunities, reading professional publications, participating in professional organizations, and maintaining requirements for appropriate certifications.
• Perform special projects, including consulting and advisory services related to governance, risk management, and controls, at the request of the CEO, CFO, or Comptroller as appropriate.

The Director of Risk & Compliance shall uphold the following principles:

• Integrity – The integrity of R&C establishes trust and thus provides the basis for reliance on their judgment.
• Objectivity – R&C exhibits the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. R&C makes a balanced assessment of all the relevant facts and circumstances and is not influenced by its own interests or by others in forming judgments.
• Confidentiality – R&C respects the value and ownership of information it receives, is cognizant at all times of applicable data protection regulations, including GDPR, and does not disclose information without appropriate authority.

Competency – R&C applies the knowledge, skills, and experience needed to perform assurance and risk management services.

QUALIFICATIONS

Education:

• Bachelor’s Degree – mandatory.

• Bachelor’s Degree or Advanced Degree in Accounting, Law, Business Management or Finance – strongly preferred.

Certification as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), or Certified Information Systems Auditor (CISA) – preferred.

Work Experience:

• Minimum of 5 years of internal auditing or public accounting experience with progressive responsibilities encompassing business and financial risk management, internal controls, business administration, and/or information technology – mandatory
• A high familiarity with international organizations and financial controls, particularly those with U.S. Government grants or contracts – strongly preferred.

Professional Skills:

• Culturally facile with familiarity with a multi-office, multi-national organizational environment and an ability to interact professionally with culturally and linguistically diverse staff and clients.
• Strong analytical skills, with the ability to develop process-driven financial control systems within a complex international organization
• Solution Builder, who can work independently across RFE/RL teams and locations to improve our compliance controls.
• Proven leadership qualities in an international organization with strong verbal and written communication skills and a demonstrated ability to communicate complex information clearly and concisely to a wide range of audiences, including RFE/RL senior management.
• Risk Strategist with in-depth experience and know-how building financial risk management control processes in an international work environment.
• Ethics Subject Matter Expert with knowledge of the standards for the Professional Practice of Internal Auditing and the Code of Ethics as developed by the Institute of Internal Auditors.
• Discrete having had experience handling confidential, sensitive data and issues with a high degree of discretion.
• Strength of character, demonstrating integrity, objectivity, and competence necessary to build trust in their position and work effectively across the RFE/RL organization.
• Self-starter who is highly organized, detail-oriented, and has the ability to take initiative and work both independently and as member of a team.
• Willingness to travel internationally (25%) with sensitivity to different cultures and world views, with previous experience working across multicultural teams.

Skills:

• Familiarity with U.S. Government contract regulations, particularly the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) – strongly preferred
• Practical knowledge of financial applications, such as PeopleSoft or equivalent, and reporting capabilities, and process controls – mandatory
• Strong competence in accounting and financial risk management, including fraud protection processes – mandatory
• End‑user knowledge of MS Office applications, accounting software, and data analytic tools –  mandatory

Languages:

• English fluency (Mandatory)
• Czech (Desirable)  
• Other languages (Desirable)