Senior Information System Auditor

INF 4 – Senior Information System Auditor (1)
Employment Type: Permanent & Pensionable
Location: Lusaka Province
Closing Date: July 31, 2025
Job Description

The Senior Information Systems Auditor (SISA) is an operational position responsible for providing an independent and objective assurance over the general and application controls and risk management of Infratel’s Information and technology systems, Cybersecurity, Telecommunications and tower site infrastructure, and networks. This role includes identifying potential risks in information systems, networks and recommending an action plan to prevent security breaches in the technology ecosystem. The SISTA will be involved in the planning, execution of audit procedures and drafting internal Information Systems and Technical audit reports for the attention of the Head of Internal Audit and Risk. Responsibilities will further include supporting the Risk and Business Continuity functions in the coordination and implementation of the risk assessment, cyber risks, business continuity management, awareness training and disaster recovery plan.

Key Responsibilities

INFORMATION SYSTEM (IS) ANDTECHNICAL AUDIT PLANNING

Participates in the development and implementation of the overall Information Systems annual Internal audit plan.Participate in the formulation of departmental budget and strategy.Supports the Head Internal Audit and risk in the design and implementation of the audit policies, framework, systems, and procedures.Develop engagement risk assessment and strategy and audit programs.

IS AUDIT EXECUTION AND MANAGEMENT

Conduct Information Systems (IS) operational, Technical, governance and compliance audits.Perform risk based IS & Technical audits and review of systems, all applications and IS processes in accordance with Global Audit Standards and Global IT audit standards.Prepare draft IS audit reports for HIAR review and management action.Review IT policies and procedures, evaluation of control effectiveness and cyber and privacy processes.Keep abreast with emerging technologies, identify corresponding risks and mitigation plans.Provide business support in optimizing the Data Centre technology costs and various project implementation.Conduct revenue assurance audits on service provisioning.Conducts IT audit on technical processes of towers.

BUSINESS CONTINUITY AND RISK MANAGEMENT

Support the business in developing and implementing Disaster Recovery Plan procedures.Provide management with the assurance on the operational and control effectiveness of the Information Technology Disaster Recovery plan, cybersecurity and risk framework.Provide guidance on Business and IT management on IT risk management matters, particularly on application and infrastructure security and disaster recovery.Support in the development of IT related Key Risk Indicators (KRIs).Participate inthe identification, assessment, and development of risk mitigation strategies on various IT and cyber risks in an advisory capacity.

COMPLIANCE

Perform IT audits in conformity with the International Standards for Professional Practice framework, ISO 27001-2022, risk management and business continuity best practices and other standards.Keep abreast with ZICTA, ICTAZ, Bank of Zambia, Cyber Security act, Data protection and privacy laws and any other relevant laws.Supports in the development of relevant IT, Control and Risk related policies and procedures of Infratel.Compliance recent IT Governance Standards, ITIL, data privacy laws and other IT regulations and frameworks.

TRAINING

Conduct Internal control, business continuity and risk awarenesstraining to staff.Participate in the mentoring and training audit staff to ensure they areup to date with IT controls and developments affecting Infratel.Stay up todate with relevant IT Audit certifications and developments.

PEOPLE MANAGEMENT AND RELATIONSHIPS

Supervise audit and risk staff in the absence of the Manager InternalAudit and Risk,Actively and professionally interact with the cyber and informationsecurity team, risk officer and all auditees,Exercise professional diplomacy in communication and conflict resolutionalways.

Minimum Qualifications

 

CRISC, CISM,CSX-P, CGEIT , CISSP will be an added advantage.Member of either ISACA,ICTAZ and/or IIA Zambia.

Key Competencies and Skills

KEY KNOWLEDGE

Technical knowledge in IT audits, risk, Telecommunications,tower site management, and security.Good knowledge of various IT and software developmentframeworks and cycle.Good knowledge of Cybersecurity and related controls.Good knowledge of various frameworks such as COBIT 5and ITIL.Good knowledge of Data Centre operations.Good knowledge IT Disaster Recovery processes.

KEY SKILLS

Leadership and management skills.Ability to collaborate and work with a team.Strong oral and written communication skills.Excellent interpersonal skills to professionallyinteract with HoDs and staff.Strong business acumen applied to execution of ITaudits.Good risk and Project Management skills.

KEY ATTRIBUTES/COMPETENCIES

Logical thinking and problem solving.Highly proven ethical conduct and free from criminal record.Attention to detail with tenacity for identifying the root cause ofaudit findings.Uphold strongprofessional and ethical values which includes confidentiality, integrity,professional due care.

Years of Experience Required

Minimum two (2) years practical experience in ITAudits in a fast-paced Information (Data Centre) and Telecommunications sector.

Minimum two (2) years’ experience in the external audit such as the topfour audit firms.