Manager, Governance Risk & Compliance job at AdaptHealth
Posted: 2025-07-21 | Application deadline: 2025-07-31 | Location: Nairobi, Kenya | Full-time, Healthcare (Admin & Office)
Essential Functions and Job Responsibilities:

  • Collaborates with Enterprise Security leadership to develop and mature ADAPTHEALTH’s information security program through effective governance, risk management, and security-control monitoring.
  • Manages the Enterprise Security Policies & Standards lifecycle: creation, annual reviews, internal testing, and NIST alignment, serving as the framework for the information security management system.
  • Manages the Information Security Risk Management Program, including:
    • Defining program standards and guidelines
    • Maintaining the Risk Register (identifying, analyzing, and rating risks; documenting compensating controls and remediation plans)
    • Reviewing and approving exceptions to security policies
    • Developing risk metrics and Key Risk Indicators for Board-level reporting
  • Evaluates third-party vendor security and compliance practices, establishes vendor-risk processes, and monitors contractual obligations.
  • Oversees Third-Party Risk Management, including:
    • Managing vendor security questionnaires and interpreting responses
    • Reporting vendor-profile results and remediating gaps to meet minimum security requirements
    • Preparing regular governance reports and improvement recommendations for cross-functional stakeholders
  • Identifies needs for security awareness training and partners with Learning & Development and Compliance to develop and implement relevant courses.
  • Delivers IT security and compliance training and educational materials to promote a culture of awareness.
  • Develops and executes the GRC maturity roadmap, leading related projects, and initiatives.
  • Partners with IT management, risk managers, corporate compliance, and legal to perform and maintain business-impact and risk assessments (e.g., system downtime, unauthorized access).
  • Coordinates with internal and external auditors to facilitate IT audits, respond to findings, and implement corrective actions.
  • Provides input to, and supports implementation of, security controls for clinical and finance applications, maintaining strong relationships with application owners to address emerging issues.
  • Keeps informed on new and emerging information security trends and best practices.
  • Oversees periodic and on-demand system and vulnerability assessments to ensure compliance (including user and application access reviews).
  • Manages incident response, disaster recovery, and business continuity efforts in the event of security breaches or IT incidents.
  • Implements IT governance metrics and reporting to evaluate initiative effectiveness.
  • Conducts ongoing IT risk assessments and recommends mitigation strategies in alignment with business objectives.
  • Establishes and manages compliance programs and the Periodic User Access Review (e.g., Sarbanes-Oxley, HIPAA, SOC, SOX), ensuring adherence and coordinating related audits.
  • Develops and maintains IT governance frameworks, standards, and policies, collaborating with executive management to enforce them.
  • Provides regular updates and reports to senior management on IT governance, risk, and compliance, translating technical matters for non-technical stakeholders.
  • Contributes to or leads other department-specific and cross-functional initiatives as needed.
  • Maintains the confidentiality of all investigations, projects, and patient information, and functions within the guidelines of HIPAA.
  • Completes assigned compliance training and other educational programs as required.
  • Performs other related duties as assigned.

Management/Supervision:

  • Responsible for selection and hiring of qualified staff, ensuring an effective on-boarding, and providing comprehensive training and regular feedback.
  • Accomplishes staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards.
  • Establishes annual goals and objectives for the department based on the organization’s strategic goals.
  • Responsible for achieving organizational performance and retention goals, including timely completion of performance evaluations.

Competency, Skills, and Abilities:

  • Excellent verbal and written communications skills.
  • Self-starter with ability to work independently to create, build, and manage frameworks and programs.
  • Ability to analyze and present critical information to all levels of staff from general employee level to Board-level reporting metrics.
  • Ability to source, analyze, negotiate, select, and manage third-party vendors to achieve program deliverables.
  • Must have excellent interpersonal skills to effectively communicate with all levels of hospital personnel, vendors, IT personnel, and direct reports.
  • Strong prioritization, multi-tasking, and time management skills.
  • Explicit knowledge of cyber security controls, implementation, compliance, and governance across the cyber security stack of technologies.
  • Ability to investigate and discover root challenges, issues, and complexity of implementations to uncover cyber issues.
  • Thorough understanding of risk analysis and audit tracking.
  • Extensive knowledge of current common paradigms for violating system integrity.
  • Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others quickly and thoroughly on key Enterprise Security concepts.
  • Knowledge of Federal and State regulations including HIPAA and SOX.
  • Knowledge of industry leading frameworks including NIST CSF, HIPAA, ISO 27001, SOC 2, ITIL, and SOX.

Requirements

Education and Experience Requirements:

  • Bachelor’s Degree in Computer Science, Computer Engineering, MIS, or related field
  • 8+ years of relevant experience focusing on security policy creation and lifecycle management, auditing methodology, technology risk management, and third-party risk management.
  • Experience in conducting risk assessments and implementing risk management strategies. Security industry certifications such as CISM, CISSP, CRISC, and ISSMP are desirable.

Physical Demands and Work Environment:

  • Must be able to bend, stoop, stretch, stand, and sit for extended periods.
  • Work environment may be stressful at times, as overall office activities and work levels fluctuate.
  • Ability to perform repetitive motions of wrists, hands, and/or fingers due to extensive computer use.
  • Subject to long periods of sitting and exposure to computer screen.
  • May be required to work at various locations.
  • Must possess mental alertness to make quick decisions and interpret complex information.
  • Excellent ability to communicate effectively, both verbally and in writing, with customers, demonstrating empathy, compassion, courtesy, and respect for privacy.
  • Mental alertness to perform the essential functions of position.
  • Ability to work after non-business hours as needed.
Vacancy title:
Manager, Governance Risk & Compliance Job

Type: Full-time | Industry: Healthcare | Category: Admin & Office

Jobs at:
AdaptHealth

Deadline of this Job:
Thursday, July 31 2025

Duty Station:
Nairobi, Kenya

Summary
Date Posted: Monday, July 21 2025, Base Salary: Not Disclosed
Work Hours: 8

Experience in Months: 96

Level of Education: bachelor degree

Job application procedure

Interested in applying for this job? Click here to submit your application now


Job Info
Job Category: Computer/IT jobs in Kenya
Job Type: Full-time
No of Jobs: 1