Location: Nairobi, IHUB, Kenya (Hybrid)Type: Full-timeJob Requisition ID: JR00000948 About the International Rescue Committee The International Rescue Committee (IRC) is one of the world’s largest and most respected humanitarian organisations, responding to the most severe crises and helping restore safety, health, education, and economic stability to people affected by conflict and disaster. Founded in 1933 at the call of Albert Einstein, IRC now operates in more than 40 countries and 29 U.S. cities, empowering millions to survive, recover, and rebuild their lives. The organisation’s mission is driven by its core values — Integrity, Service, Accountability, and Equality — and by an enduring commitment to uphold the dignity, safety, and rights of vulnerable populations. IRC’s diverse teams work tirelessly to deliver lasting solutions, strengthen communities, and promote resilience through evidence-based humanitarian action. Job Summary The IRC is seeking a Governance, Risk & Compliance (GRC) Manager to lead, enhance, and scale its GRC function within the Global Information Security (GIS) department. Reporting to the Senior Director, Technology, Operations, and Information Security, the GRC Manager will be responsible for consolidating and optimising existing GRC frameworks, strengthening compliance structures, and advancing the organisation’s information security governance. This position is ideal for a self-driven professional with a strategic mindset, capable of leading independently while innovating new methods to manage risk, governance, and compliance within a complex, global organisation. Key Responsibilities Information Security Governance Act as a strategic partner to senior leadership, aligning GRC initiatives with organisational priorities to enhance resilience and reputation. Develop and refine a metrics programme for monthly and quarterly reporting, offering data-driven insights on security performance and risks. Lead a comprehensive global security training and awareness programme to strengthen compliance culture across all IRC teams. Expand and optimise the organisation’s GRC platform, improving integration, efficiency, and visibility across business units. Information Security Risk Management Identify, assess, and prioritise risks in alignment with IRC’s risk appetite, maintaining an up-to-date GIS Risk Register. Develop proactive risk mitigation strategies and ensure continuous monitoring of key security risks. Oversee third-party risk management, including the deployment and use of the Vendor Risk Assessment (VRA) module. Integrate threat intelligence into the risk framework, applying predictive analytics to anticipate emerging cyber threats. Information Security Compliance Ensure adherence to global laws, regulations, and industry standards including GDPR, ISO 27001, NIST Cybersecurity Framework, and NIST 800-171. Collaborate with Legal, Supply Chain, and Finance teams to ensure contract compliance and donor requirements are met. Conduct regular audits, cyber risk assessments, and control assurance activities to strengthen compliance posture. Promote understanding and application of policies across the organisation through ongoing compliance assessments. Strategic Thought Leadership Stay informed on emerging trends, regulatory changes, and best practices in cybersecurity, data privacy, and ethical AI use. Refine policies and processes to meet evolving compliance demands and maintain organisational readiness. Establish and track GRC metrics and KPIs to evaluate effectiveness, benchmark against industry standards, and support continual improvement. Organisational Culture and Engagement Champion a culture of security awareness and compliance across all levels of the organisation. Design role-specific training programmes to address unique information security risks. Promote accountability and ownership for data protection and ethical compliance within teams. Key Working Relationships Reports to: Senior Director, Technology, Operations, and Information SecurityCollaborates with: Legal, Supply Chain, IT, and regional GRC teams Education and Experience Bachelor’s degree in a relevant discipline; a Master’s in Computer Science, Cybersecurity, or Information Systems is preferred. Minimum 3–6 years of experience in GRC programme management, including at least 2 years in a leadership role. Previous experience in a global organisation required; non-profit or humanitarian experience is an advantage. Hands-on experience implementing and operating a GRC platform. Strong understanding of cybersecurity, risk management, incident response, and data protection laws. Skills and Competencies Proven ability to develop governance frameworks and enforce policy standards. Leadership and facilitation skills to guide internal working groups and governance bodies. Strong problem-solving, analytical, and change management capabilities. Excellent written and verbal communication skills with a focus on stakeholder engagement. Proficiency in managing third-party/vendor risk assessments. Adaptability to evolving threats and commitment to continuous improvement. Certifications: CISSP, CISM, CRISC, or equivalent are highly desirable.Languages: English (required); knowledge of other languages is an advantage. Working Environment The position is hybrid, based in Nairobi, Kenya, with limited travel requirements. The IRC offers a dynamic, inclusive, and collaborative environment committed to personal and professional growth. All IRC employees are expected to adhere to the IRC Way – Standards for Professional Conduct, which include Integrity, Service, Accountability, and Equality, along with policies on Safeguarding, Anti-Harassment, Fiscal Integrity, and Anti-Retaliation. Why Work with the IRC At the IRC, every role contributes to meaningful impact. Employees collaborate globally to develop innovative, data-driven solutions that transform lives. The organisation values diversity, inclusion, and continuous learning, providing safe, supportive environments and opportunities for professional advancement. Join the IRC and be part of a global force for humanity—working together to restore hope and dignity to millions worldwide. VISIT OFFICIAL WEBSITE TO APPLY For more opportunities such as these please follow us on Facebook, Instagram , WhatsApp, Twitter, LinkedIn and Telegram Disclaimer: Global South Opportunities (GSO) is not the hiring organization. For any inquiries, please contact the official organization directly. Please do not send your applications to GSO, as we are unable to process them. Due to the high volume of emails, we receive daily, we may not be able to respond to all inquiries. Thank you for your understanding.