Mission for Essential Drugs and Supplies (MEDS) is a registered trust of the Kenya Conference of Catholic Bishops (KCCB) and Christian Health Association of Kenya (CHAK) with the mandate to provide reliable, quality and affordable essential drugs, medical supplies, training and other pharmaceutical services.

Responsibilities or duties

The position will report to the Internal Audit and Risk Manager and will be responsible for identifying, assessing, monitoring and mitigating risks while ensuring the organization complies with regulatory and internal policies.

• Work with management to identify, assess and develop mitigation plan for risks according to the organization’s Enterprise Risk Management framework and update the enterprise risk profile.
• Provide assurance over strategic risks faced by the organization and develop relationships with both internal and external stakeholders in managing the risks.
• Perform risk assessments, scenario analysis and stress tests on financial, operational, business continuity and compliance risks
• Implement risk mitigation strategies tailored to identify and address potential threats and identify opportunities for the organization to harness.
• Proactively follow up on action plans developed by management or various committees to address risk exposures and report on the outcomes
• Prepare risk and compliance reports for presentation to senior management and the Board
• Monitor key risk indicators (KRIs) using both lagging and predictive indicators
• Implement and maintain internal risk and compliance policies and procedures
• Support with the development ,implementation and testing of comprehensive business continuity planning (BCP) strategies and disaster recovery plans
• Conduct ICT related risk assessments, vulnerability and penetration testing around the ICT infrastructure and related assets. A
• Identify and investigate compliance breaches, fraud or unethical practices
• Conduct training sessions for employees on risk management to facilitate the embedding of a risk-conscious culture across the organization
• Work closely with Heads of Departments and Sectional Managers to address risk and compliance concerns
• Keep abreast with the applicable laws, regulations, rules and standards in the risk and compliance fraternity and advice on emerging developments
• Act as a point of contact for regulators, auditors, and external compliance bodies on issues relating to risk management within the organization.

Qualifications or requirements (e.g., education, skills)

• Bachelor’s degree in accounting, finance, or any related business degree from a recognized institution
• Be a Certified Public Accountant (K) or other recognized equivalent qualifications
• Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification or equivalent is an added advantage.
• Ability to work with and therefore provide assurance over ICT infrastructure and Assets various IT systems and ERPs, Syspro ERP is an added advantage.
• Technical competencies; Knowledge of Auditing Standards, information systems auditing, Risk Management principles, Financial analysis, Data analytics and Regulatory compliance standards
• Behavioural competencies: Communication skills, problem-solving skills, analytical skills, high level of integrity self-driven, confidentiality and interpersonal skills

Experience needed

• At least 5 years of experience in Risk Management and/or auditing
• Experience in implementing risk management is desired

• Work with management to identify, assess and develop mitigation plan for risks according to the organization’s Enterprise Risk Management framework and update the enterprise risk profile.
• Provide assurance over strategic risks faced by the organization and develop relationships with both internal and external stakeholders in managing the risks.
• Perform risk assessments, scenario analysis and stress tests on financial, operational, business continuity and compliance risks
• Implement risk mitigation strategies tailored to identify and address potential threats and identify opportunities for the organization to harness.
• Proactively follow up on action plans developed by management or various committees to address risk exposures and report on the outcomes
• Prepare risk and compliance reports for presentation to senior management and the Board
• Monitor key risk indicators (KRIs) using both lagging and predictive indicators
• Implement and maintain internal risk and compliance policies and procedures
• Support with the development ,implementation and testing of comprehensive business continuity planning (BCP) strategies and disaster recovery plans
• Conduct ICT related risk assessments, vulnerability and penetration testing around the ICT infrastructure and related assets. A
• Identify and investigate compliance breaches, fraud or unethical practices
• Conduct training sessions for employees on risk management to facilitate the embedding of a risk-conscious culture across the organization
• Work closely with Heads of Departments and Sectional Managers to address risk and compliance concerns
• Keep abreast with the applicable laws, regulations, rules and standards in the risk and compliance fraternity and advice on emerging developments
• Act as a point of contact for regulators, auditors, and external compliance bodies on issues relating to risk management within the organization.

• Knowledge of Auditing Standards, information systems auditing, Risk Management principles, Financial analysis, Data analytics and Regulatory compliance standards
• Communication skills, problem-solving skills, analytical skills, high level of integrity self-driven, confidentiality and interpersonal skills

• Bachelor’s degree in accounting, finance, or any related business degree from a recognized institution
• Certified Public Accountant (K) or other recognized equivalent qualifications
• Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification or equivalent is an added advantage.
• Ability to work with and therefore provide assurance over ICT infrastructure and Assets various IT systems and ERPs, Syspro ERP is an added advantage.