Mission for Essential Drugs and Supplies (MEDS) is a faith-based health solutions provider founded by an ecumenical partnership of the Kenya Conference of Catholic Bishops (KCCB) and the Christian Health Association of Kenya (CHAK). The Organization’s core mandate is being a reliable provider for quality and affordable Health Products and Technologies, Quality Assurance and Health Systems Strengthening Services. MEDS was established in 1986 and serves clients spread throughout Kenya, other regions in Africa and beyond.
The position will report to the Internal Audit and Risk Manager and will be responsible for identifying, assessing, monitoring and mitigating risks while ensuring the organization complies with regulatory and internal policies.
Job Responsibilities i. Work with management to identify, assess and develop mitigation plan for risks according to the organization’s Enterprise Risk Management framework and update the enterprise risk profile. ii. Provide assurance over strategic risks faced by the organization and develop relationships with both internal and external stakeholders in managing the risks. iii. Perform risk assessments, scenario analysis and stress tests on financial, operational, business continuity and compliance risks iv. Implement risk mitigation strategies tailored to identify and address potential threats and identify opportunities for the organization to harness. v. Proactively follow up on action plans developed by management or various committees to address risk exposures and report on the outcomes vi. Prepare risk and compliance reports for presentation to senior management and the Board vii. Monitor key risk indicators (KRIs) using both lagging and predictive indicators viii. Implement and maintain internal risk and compliance policies and procedures ix. Support with the development ,implementation and testing of comprehensive business continuity planning (BCP) strategies and disaster recovery plans x. Conduct ICT related risk assessments, vulnerability and penetration testing around the ICT infrastructure and related assets. A xi. Identify and investigate compliance breaches, fraud or unethical practices xii. Conduct training sessions for employees on risk management to facilitate the embedding of a risk-conscious culture across the organization xiii. Work closely with Heads of Departments and Sectional Managers to address risk and compliance concerns xiv. Keep abreast with the applicable laws, regulations, rules and standards in the risk and compliance fraternity and advice on emerging developments xv. Act as a point of contact for regulators, auditors, and external compliance bodies on issues relating to risk management within the organization.
Qualifications i. Bachelor’s degree in accounting, finance, or any related business degree from a recognized institution ii. Be a Certified Public Accountant (K) or other recognized equivalent qualifications iii. Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification or equivalent is an added advantage. iv. At least 5 years of experience in Risk Management and/or auditing v. Ability to work with and therefore provide assurance over ICT infrastructure and Assets various IT systems and ERPs, Syspro ERP is an added advantage. vi. Experience in implementing risk management is desired vii. Technical competencies; Knowledge of Auditing Standards, information systems auditing, Risk Management principles, Financial analysis, Data analytics and Regulatory compliance standards viii. Behavioural competencies: Communication skills, problem-solving skills, analytical skills, high level of integrity self-driven, confidentiality and interpersonal skills
If you fit the profile of this position, please submit your application providing the following MANDATORY requirement: • Detailed CV stating your current position and salary, expected salary, telephone number and email address • Copy of National Identity Card
By: 5th November 2025
Note: This position is open to local hires only. Late applications will not be considered and only short-listed applicants will be contacted.
