Consultancy: PCI Technical Lead, ICTD Digital Core, Solutions Centre and Support (remote, 12 months)

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential. 

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone. 

And we never give up. 

For every child, a connected world.

UNICEF continually evaluates the level of PCI exposure in countries with private sector fundraising activities. Countries are provided with short, medium and long term architectural options to reduce PCI noncompliance and data breach risk. The options are founded in the strategic direction, which is to transfer UNICEF’s Card Holder Data (CHD) footprint from internal environments to PCI compliant third-party service providers. Each office has developed a project plan/road map towards meeting compliance, which are in the process of executing.

How can you make a difference? 

UNICEF continually evaluates the level of PCI exposure in countries with private sector fundraising activities. Countries are provided with short, medium and long term architectural options to reduce PCI non-compliance and data breach risk.  The options are founded in the strategic direction, which is to transfer UNICEF’s Card Holder Data (CHD) footprint from internal environments to PCI compliant third-party service providers. Each office has developed a project plan/road map towards meeting compliance, which are in the process of executing.

The consultancy will play a hands-on role in the various projects in multiple fund-raising countries to rectify their PCI-DSS compliance status. Multiple countries will need to develop and deploy new PCI compliant solutions and or rectify existing solutions, comprised of technology, people and processes.  The PCI Consultancy will define and review technical architectures and technology solutions, ensure adherence to ICTD’s Reference Architecture, and lead the technical implementation of the solutions. 

The PCI Consultancy will join forces with the country teams to engage with Third Parties (e.g. Agencies, Banks, Payment Service Providers etc) and to jointly design market specific, Third Party specific solutions.  The PCI Consultancy will propose the skill sets and duration required to execute the implementation of the solutions.

The PCI Consultancy will be guided by the UNICEF Information Security policy, PCI Standard, Data Breach Procedure, the standard Reference Architecture as well as by the input from the Global PCI Taskforce.  The PCI Consultancy will contribute to the refinement of the policies, standards and procedures and will promote synergies across offices and regions.

The consultancy will focus on countries in across the globe (mainly in East Asia Pacific or Latin America) and report to Applications and Payment manager in the Information and Communication Technology Division (ICTD), Solutions Center, in Valencia Spain as part of the PCI Global Taskforce.

Scope of Work:  

The consultant will lead and engage with country, regional and HQ teams (Fund Raising, Operations, ICT), and Third Party Service Providers to design and implement PCI alignment solutions for the UNICEF PSFR Country Offices.

The consultant will create a collaborative environment by guiding project participants, project team members, and stakeholders to achieve their objectives, execute the work plans, and reach the desired project results.

Technical Leadership and Support

The consultant will act as a hands-on technical lead of the various projects in multiple fund-raising countries to rectify their PCI-DSS compliance status

Define and review technical architectures and technology solutions.

Create alignment with ICTD’s Reference Architecture.

Lead the technical implementation of the solutions.

Ensure solutions are vetted by the PCI Task Force.

Make day to day technical decisions, adhere to required technical and project governance mandates.

Create required technical documentation.

Review solutions already implemented in markets to determine progress and PCI Alignment.

Get buy-in from country, regions and HQ on proposed designs and project plans. 

Project Leadership and Support

Determine resourcing and cost requirements to implement PCI solutions.

Hands-on management of solution implementations in each country.

Identifying opportunities and risks within and across Country Offices and developing recommendations to capitalize/mitigate them.

Create project plans, orchestrate and utilize Agile and DevOps principles.

Liaise with all project stakeholders, ensuring views of all parties are considered when making recommendations.

Strongly align with the Supporter Engagement Strategy Project (SES) on solution design and recommendations.

Escalate issues to the appropriate level for mitigation/action.

Design post-go live support processes and determine post go live resourcing and costing impact.

Continually advise and evaluate execution plans ensuring they align with the global approach.

Participate in leadership meetings and provide progress reports on functions implemented and updates on the implementation of the solution.

Third Party engagement

Join forces with the country teams to engage with Third Parties (e.g., Agencies, Banks, Payment Service Providers etc.) for technical requirements.

Jointly design market specific, Third Party specific PCI Compliant solutions.

The PCI Consultant will propose the skill sets required to execute the implementation of the solutions to Third Parties.

Policies and Documentation

The PCI Consultant will contribute to the refinement of the policies, standards and procedures and will promote synergies across offices and regions.

They will prepare technical design documentation, integration details and project reporting collateral for the Global PCI Task Force.

 

OVERALL DELIVERABLES

 The PCI Consultant will deliver the following:

• Understand, document and communicate payment card related processes in country offices
• Design Market relevant, UNICEF Architecture aligned, PCI compliant processes and solutions
• Assist country offices in the implementation of the solutions in the countries to rectify their PCI-DSS compliance status
• Create technical project plans
• Provide recommendations for implementing PCI-DSS requirements globally in UNICEF.
• Work with PCI Taskforce to create viable solutions for specific, non-standard issues which arise in country
• Plan for each integration point with Third Party Service Providers
• Establish relationships with key Service Providers in Regions
• Design post-go live support processes and determine post go live resourcing and costing impact.
• Refine UNICEF PCI and Data Privacy Policies by providing input to the Chief of Information Security

Work Assignments Overview	Deliverables/Outputs	Delivery  deadline	Estimated Budget
Priority Country to be process analysis	Updated end-to-end PCI workflow diagrams Mapping of the PCI architecture in the country to UNICEF’s recommended architecture Recommendations document to achieve PCI compliancy in the country Monthly update on country level compliance	By 30 March 2024	8%
Priority Country (P1) guidance and design	Country specific project plan and architecture Review project plan with country level, regional and global stakeholders Engage with third party service providers to confirm and validate plan	By 30 April 2024	8%
Priority Country (P1) Solution implementation	Assist in the physical implementation of relevant PCI controls in the country office Report on controls implemented Updated architecture diagram	By 30 May 2024	8%
Priority Country as-is process analysis	Presentation to PCI Taskforce with understanding of technical landscape and as-is processes	By 30 June 2024	8%
Priority Country to be process analysis	Updated end-to-end PCI workflow diagrams Mapping of the PCI architecture in the country to UNICEF’s recommended architecture Recommendations document to achieve PCI compliancy in the country Monthly update on country level compliance	By 30 July 2024	8%
Priority Country (P1) guidance and design	Country specific project plan and architecture Review project plan with country level, regional and global stakeholders Engage with third party service providers to confirm and validate plan	By 30 Aug 2024	8%
Priority Country (P1) Solution implementation	Assist in the physical implementation of relevant PCI controls in the country office Report on controls implemented Updated architecture diagram.	By 30 Sep 2024	8%
Priority Country as-is process analysis	Presentation to PCI Taskforce with understanding of technical landscape and as-is processes	By 31 Oct 2024	8%
Priority Country to be process analysis	Updated end-to-end PCI workflow diagrams Mapping of the PCI architecture in the country to UNICEF’s recommended architecture Recommendations document to achieve PCI compliancy in the country Monthly update on country level compliance	By 30 Nov 2024	8%
Priority Country (P1) Solution implementation	Assist in the physical implementation of relevant PCI controls in the country office Report on controls implemented Updated architecture diagram.	By 31 Dec 2024	8%
Priority Country as-is process analysis	Presentation to PCI Taskforce with understanding of technical landscape and as-is processes	By 31 Jan 2025	8%
Priority Country to be process analysis	Updated end-to-end PCI workflow diagrams Mapping of the PCI architecture in the country to UNICEF’s recommended architecture Recommendations document to achieve PCI compliancy in the country Monthly update on country level compliance.	By 28 Feb 2025	8%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Please note that depending on project/country readiness and project progress, month deliverables may change.

Reporting structure:  The PCI Consultant will report to the ICT Specialist SCS, ICTD.  

Duration of contract: 12 months 

Travel:  This role will work with UNICEF fund raising markets. Due to the nature of this engagement, it is expected that some meetings must be done face to face in the country and details must be verified locally. This will be covered separately by UNICEF as per current Travel Policy, and not in the lump sum fees.

Financial Proposal:

Please indicate your ability, availability and your overall rate – or rate per deliverable (in US$) to undertake the terms of reference above. Applications submitted without a rate will not be considered. 

To qualify as an advocate for every child you will have… 

• Bachelor Degree in Systems Engineering, or equivalent is required. 
• Five (5) years of Experience in Systems Engineering is required.
• One(1) year experience in Payment processes and exposure to PCI requirements are required. 
• Minimum of one (1) year experience in global software development projects.
• Ability to document payment and card processing specific processes, using best practice methodologies and techniques.
• Hands-on technical expertise and knowledge of enterprise level systems is required.  Experience in CRM systems, CMS and Payment systems is highly desirable.
• Strong ability to design payment solutions and secure operational processes.
• Strong ability to communicate and influence decisions.
• Experience with PCI certifications (Certified PCIP, QSA, ISA, PA-QSA, P2PE PA-QSA etc.) or  Experience with Software Security practices is desirable.
• Fluency in English is required. Knowledge of another official UN language (Arabic, Chinese, French, Russian or Spanish) or a local language is an asset. 

 

For every Child, you demonstrate… 

UNICEF’s values of Care, Respect, Integrity, Trust, Accountability, and Sustainability (CRITAS). 

To view our competency framework, please visit  here. 

UNICEF is her to serve the world’s most disadvantaged children and our global workforce must reflect the diversity of those children. The UNICEF family is committed to include everyone, irrespective of their race/ethnicity, age, disability, gender identity, sexual orientation, religion, nationality, socio-economic background, or any other personal characteristic.

UNICEF offers reasonable accommodation for consultants/individual contractors with disabilities. This may include, for example, accessible software, travel assistance for missions or personal attendants. We encourage you to disclose your disability during your application in case you need reasonable accommodation during the selection process and afterwards in your assignment. 

UNICEF has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and UNICEF, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination. UNICEF also adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo rigorous reference and background checks. Background checks will include the verification of academic credential(s) and employment history. Selected candidates may be required to provide additional information to conduct a background check. 

 

Remarks:  

Only shortlisted candidates will be contacted and advance to the next stage of the selection process. 

Individuals engaged under a consultancy or individual contract will not be considered “staff members” under the Staff Regulations and Rules of the United Nations and UNICEF’s policies and procedures, and will not be entitled to benefits provided therein (such as leave entitlements and medical insurance coverage). Their conditions of service will be governed by their contract and the General Conditions of Contracts for the Services of Consultants and Individual Contractors. Consultants and individual contractors are responsible for determining their tax liabilities and for the payment of any taxes and/or duties, in accordance with local or other applicable laws. 

The selected candidate is solely responsible to ensure that the visa (applicable) and health insurance required to perform the duties of the contract are valid for the entire period of the contract. Selected candidates are subject to confirmation of fully-vaccinated status against SARS-CoV-2 (Covid-19) with a World Health Organization (WHO)-endorsed vaccine, which must be met prior to taking up the assignment. It does not apply to consultants who will work remotely and are not expected to work on or visit UNICEF premises, programme delivery locations or directly interact with communities UNICEF works with, nor to travel to perform functions for UNICEF for the duration of their consultancy contracts.