Risk Officer

Mission for Essential Drugs and Supplies (MEDS) is a faith-based health solutions provider founded by an ecumenical partnership of the Kenya Conference of Catholic Bishops (KCCB) and the Christian Health Association of Kenya (CHAK). The Organization’s core mandate is being a reliable provider for quality and affordable Health Products and Technologies, Quality Assurance and Health Systems Strengthening Services. MEDS was established in 1986 and serves clients spread throughout Kenya, other regions in Africa and beyond.

The position will report to the Internal Audit and Risk Manager and will be responsible for identifying, assessing, monitoring and mitigating risks while ensuring the organization complies with regulatory and internal policies.

Job Responsibilities
i. Work with management to identify, assess and develop mitigation plan for risks according to the organization’s Enterprise Risk Management framework and update the enterprise risk profile.
ii. Provide assurance over strategic risks faced by the organization and develop relationships with both internal and external stakeholders in managing the risks.
iii. Perform risk assessments, scenario analysis and stress tests on financial, operational, business continuity and compliance risks
iv. Implement risk mitigation strategies tailored to identify and address potential threats and identify opportunities for the organization to harness.
v. Proactively follow up on action plans developed by management or various committees to address risk exposures and report on the outcomes
vi. Prepare risk and compliance reports for presentation to senior management and the Board
vii. Monitor key risk indicators (KRIs) using both lagging and predictive indicators
viii. Implement and maintain internal risk and compliance policies and procedures
ix. Support with the development ,implementation and testing of comprehensive business continuity planning (BCP) strategies and disaster recovery plans
x. Conduct ICT related risk assessments, vulnerability and penetration testing around the ICT infrastructure and related assets. A
xi. Identify and investigate compliance breaches, fraud or unethical practices
xii. Conduct training sessions for employees on risk management to facilitate the embedding of a risk-conscious culture across the organization
xiii. Work closely with Heads of Departments and Sectional Managers to address risk and compliance concerns
xiv. Keep abreast with the applicable laws, regulations, rules and standards in the risk and compliance fraternity and advice on emerging developments
xv. Act as a point of contact for regulators, auditors, and external compliance bodies on issues relating to risk management within the organization.

Qualifications
i. Bachelor’s degree in accounting, finance, or any related business degree from a recognized institution
ii. Be a Certified Public Accountant (K) or other recognized equivalent qualifications
iii. Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification or equivalent is an added advantage.
iv. At least 5 years of experience in Risk Management and/or auditing
v. Ability to work with and therefore provide assurance over ICT infrastructure and Assets various IT systems and ERPs, Syspro ERP is an added advantage.
vi. Experience in implementing risk management is desired
vii. Technical competencies; Knowledge of Auditing Standards, information systems auditing, Risk Management principles, Financial analysis, Data analytics and Regulatory compliance standards
viii. Behavioural competencies: Communication skills, problem-solving skills, analytical skills, high level of integrity self-driven, confidentiality and interpersonal skills

If you fit the profile of this position, please submit your application providing the following MANDATORY requirement:
• Detailed CV stating your current position and salary, expected salary, telephone number and email address
• Copy of National Identity Card

By: 5th November 2025

• Work with management to identify, assess, and develop mitigation plans for risks
• Provide assurance over strategic risks and develop relationships with stakeholders
• Perform risk assessments, scenario analysis, and stress tests
• Implement risk mitigation strategies
• Prepare risk and compliance reports
• Monitor key risk indicators
• Implement and maintain internal risk and compliance policies
• Conduct ICT related risk assessments
• Identify compliance breaches, fraud, or unethical practices
• Conduct training sessions for employees on risk management
• Keep abreast with laws and regulations
• Act as a point of contact for regulators and auditors

• Knowledge of Auditing Standards
• Information systems auditing
• Risk Management principles
• Financial analysis
• Data analytics
• Regulatory compliance standards

• Bachelor’s degree in accounting, finance, or related business degree
• Certified Public Accountant (K) or equivalent
• Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification
• At least 5 years of experience in Risk Management or auditing