Share this job

Internal auditor, control and risk officer

Type of position:  Contract agent
Job Type:  29 November 2021 23:59 CET

Job grade: FGIV 

Internal job grade:  

Type of position: Contract agent 

Selection procedure reference: EMA/CA/6725 

Job title: Internal auditor, control and risk officer 

Deadline for applications: 29 November 2021 23:59 CET 

About this role

The European Medicines Agency (EMA) is looking to fill positions as internal auditor, control and risk officer for various entities of the Agency.

Under supervision of the relevant Head/s of Entities, you will contribute to creating awareness within the Agency on these topics and foster the development of a culture where risks and opportunities are proactively identified, assessed and controlled in all areas.

Job description

Under supervision of the relevant Head/s of Entities, you will be:


For internal audit role:

  • conducting internal audit and consultancy activities at the EMA according to the IIA’s professional practices framework;
  • contributing to the strengthening of the agency’s internal controls, risk management and governance by following up on audit recommendations;
  • supporting the quality assurance and improvement plan of the internal audit function and the implementation of digital technologies supporting its activities;
  • supporting internal audit management in planning and monitoring the audit function’s activities and developing new methodologies.

For internal control and risk officer role:

  • contributing to the maintenance and improvement of the Agency’s internal control system;
  • developing and maintaining performance measurements to assess the effectiveness of the systems;
  • ensuring timely data collection, aggregation, analysis, and reporting of quality indicators; developing and maintaining policies and procedures related to internal control system;
  • managing electronic storage of corporate controlled documents (e.g. SOPs, Policies, Decisions, Guidance);
  • acting as the main contact point in relevant Function/Department for the activities related to process management and risk management;
  • coordinating the overall process quality assurance, ensuring the process repository is maintained with fit-for-purpose processes, and identified process quality controls are implemented;
  • creating and maintaining fit-for-purpose processes for EMA, in line with the Target Operating Model and agile ways of working and drive continuous improvement on these processes;
  • defining and maintaining the corporate wide Risk framework for the relevant Function/Department, monitor risks and mitigations on Function/Department level and maintain the risk register.

Eligibility criteria

To be eligible for consideration for this position, you are required to meet the following general and specific eligibility conditions:

1. enjoy full rights as a citizen of a European Union Member State, Iceland, Lichtenstein or Norway;

2. have a thorough knowledge of English (at least level C1) and a satisfactory knowledge of another official language of the European Union (at least level B2);

3. have fulfilled any obligations imposed by applicable laws concerning military service.

Specific conditions:

1. possess a university degree of a minimum of three years, that must have been obtained by the closing date of this vacancy notice;

For general eligibility criteria 1 and specific eligibility criteria 1, you will be required to provide proof in the application form and at the interview stage. Failing to present these documents may result in the disqualification from the selection procedure.

Assessment Criteria

Essential criteria:

  • At least two years of experience in auditing, internal control or risk management functions;
  • Experience in dealing with internal/external stakeholders;
  • Experience in coordinating and organising projects and/or initiatives.

Desirable criteria:

  • Professional certifications such as CIA, CISA, CRMA, CCSA, MoR (Management of Risk);
  • Knowledge, understanding and practice of IIA Standards and Code of Ethics;
  • Knowledge, understanding and practice of ISO 9001 and 31000;
  • Proven experience of track record in IT Governance, Risk & Compliance (GRC);
  • Proficiency in using and development of new documents using key professional software (spreadsheets, word processing, presentations, collaborative work, video - conferencing, project planning) provided by Microsoft Office or equivalents;
  • Experience using software providing workflow management or tracking tools;
  • Knowledge of and experience with process (re-)design;
  • Understanding of relevant technologies, including encryption, cloud and data classification;
  • Knowledge and understanding of the COSO framework;
  • Knowledge and understanding of the COBIT framework.

Behavioural competencies:

  • Analysing and problem solving: able to tackle difficult problems/tasks. Evidence-based approach gathers information from a wide range of sources and viewpoints, analyses and evaluates it to reach sound conclusions. Proposes constructive solutions;
  • Communicating: presents a professional image of self, team and Agency. Conveys information clearly and concisely, adjusting style according to purpose and audience. Able to persuade and challenge diplomatically;
  • Delivering quality and results: manages own time effectively, responding flexibly, meeting objectives and quality standards. Demonstrates the financial and resource management expertise necessary to achieve results. Professional, focused on delivering quickly and effectively. Takes well-judged risks within own delegated authority;
  • Prioritising and organising: organises own work effectively to meet demanding objectives. Uses basic project management techniques to monitor delivery. Aware of resource implications and need to keep internal / external customers and stakeholders of the wider Agency informed. Strong focus on developing and maintaining efficiency in own and team’s working practices;
  • Resilience: as effective in times of normal business as in times of great pressure. Recognises some organisational frustrations are a feature of working life, but remains upbeat and persists, to deliver despite them. Supports organisational resilience by offering own or team’s support where there is pressure elsewhere. Tackles organisational frustrations within own area of control and is able to mitigate impact of difficulties or frustration originating elsewhere. At this level, demonstrates use of basic change management approaches to introduce change in own area, and has a strong focus on identifying changes which offer improvements in own area;
  • Learning and development: open and curious approach to new ideas, drawing on them and on experience to improve performance. Enthusiastic about personal development. Contributes to and supports corporate policies.

Selection procedure timelines

Deadline for applications

29 November 2021

Preliminary assessments

Week 13 December 2021

Final assessments

Starting January 2021

Decision expected

Mid-January 2021

Selection process (part 1)

Only eligible candidates (see eligibility criteria) will be assessed by the selection committee.

Suitability and qualifications of eligible candidates will be assessed against the assessment criteria in different steps of the selection procedure. Before the start of the selection procedure, the selection committee decides which assessment criteria will be used at each stage of the process. Certain criteria will be assessed / scored only for shortlisted candidates during interviews (and/or tests).



In order to allow the selection committee to carry out an objective assessment of all candidates in a structured way, all candidates might have to answer the pre-defined set of questions as part of their application.

The questions are based on the essential and desirable assessment criteria, as well as on behavioural competencies included in this vacancy notice. When answering a question, you should include all relevant information, even if it is already mentioned in other sections of your application form. The selection committee will assess whether you meet all the eligibility criteria, including your suitability for the position, using solely the information provided in the responses to those questions.

To carry out this assessment, the selection committee will first assign each question a weighting that reflects its relative importance, and each of your responses will be awarded points (1 to 10). The points are multiplied by the weighting factor and added up to identify those candidates whose profiles best match the duties to be performed.

Only the candidates with the highest total marks at the shortlisting stage will go through to the next stage.

Selection process (part 2)

Next steps of selection may include a preliminary assessment (Skype, remote test, etc.) and / or an interview and a test in EMA premises. Please note that due to current travel restrictions the assessment may be conducted remotely. All assessments are based on the assessment criteria listed in this vacancy notice.

At this stage, the selection committee will also look at the other sections of your application form (work experience, education, etc.).

Candidates may participate in cognitive (e.g. deductive reasoning) and personality assessments (e.g. SHL occupational personality questionnaire OPQ32) as part of the selection process.


Reserve list and job offers

As a result of the assessments, the Selection Committee will recommend a list of most suitable candidates for the vacant positions. Non-selected, but qualified and suitable candidates may be placed on a reserve list. This reserve list will normally be valid until the end of the next full calendar year, 31 December 2023 (the validity period may be extended).

Each interviewed candidate will be notified in writing whether they have been placed on the reserve list. Candidates should note that the placement on the reserve list does not guarantee an offer of employment.

More information about selection and recruitment at the EMA (including administrative complaint procedure)  is available at: careers website.


Conditions of employment

In principle, the Agency offers a five-year renewable contract. Contracts of a shorter duration may be offered to the candidates placed on the reserve list.

The monthly basic salary, including the local weighting[1] which adjusts salaries to the cost of living in the Netherlands compared to Brussels, is €3,935.91 Note this salary is subject to deductions of community tax, health insurance and pension contribution. 

EMA offers a final salary pension scheme and a world-wide medical insurance.

In addition to the basic salary, the jobholder may be entitled to various additional allowances, including family allowances, such as education allowance for dependent children of school age, and expatriation allowance. Relocation and/or resettlement allowances may also be available upon entry into employment.

More detailed overview of various allowances and entitlements is available at our careers website.

Please consult the Eurostat website for more information about the duty station weighting.


[1] The current weighting for the EMA's location in Amsterdam, the Netherlands, is 113.9. Please consult the Eurostat and Commission websites for more information on weightings.









Domenico Scarlattilaan 6 - 1083 HS Amsterdam - The Netherlands

Telephone +31 (0)88 781 6000 - Email recruitment@ema.europa.eu


© European Medicines Agency, 2020. Reproduction is authorised provided the source is acknowledged.

Job Segment: Audit, Risk Management, Internal Audit, Medical, Cloud, Finance, Healthcare, Technology