The Junior Data Protection Auditor supports the delivery of data protection compliance audits under the supervision of mid-level and senior auditors. The role is designed for early-career professionals seeking to develop specialist expertise in data protection auditing aligned to the Zambia Data Protection Act No. 3 of 2021 and the ODPC licensed auditor framework. The incumbent will assist in audit fieldwork, evidence collection, policy review, report drafting, and stakeholder awareness activities.

Jobs in Zambia

Key Responsibilities

• Assist in the planning and execution of annual and ad hoc data protection audits under the direction of a senior auditor.
• Collect and organise audit evidence from client organisations, including policies, procedures, system configurations, and processing records.
• Support the assessment of compliance with the Data Protection Act No. 3 of 2021, reviewing data processing activities, consent practices, and data subject rights mechanisms.
• Document audit findings, observations, and supporting evidence in working papers.
• Assist in identifying gaps, risks, and non-compliance indicators in data protection practices.
• Draft sections of audit reports, recommendations, and findings summaries under supervision.
• Participate in client interviews and walkthroughs alongside senior auditors.
• Review data protection policies, privacy notices, data processing agreements, and internal procedures for completeness and adequacy.
• Support the promotion of data protection awareness during client engagements.
• Maintain accurate and complete audit working paper files.
• Stay current with developments in data protection law, ODPC guidance, and international best practices.
• Assist in preparing submissions and documentation for ODPC reporting requirements.

Required Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, required.
• Progress toward or completion of at least one of the following certifications is strongly preferred: CISA/, CIPM, CIPP/E, CIPT, CDPSE, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.
• Current or pending membership with the ICT Association of Zambia (ICTAZ).
• Student or affiliate membership with ISACA, IIA, or IAPP is an advantage.

Required Experience

• 1 to 3 years of professional or internship experience in data protection, IT auditing, cybersecurity, compliance, or a closely related field.
• Academic or practical exposure to data protection principles, privacy frameworks, or information security.
• Familiarity with Zambia’s Data Protection Act No. 3 of 2021 is an advantage.
• Exposure to international data protection standards such as GDPR is an advantage.

Technical Competencies

• Basic understanding of data protection principles including lawfulness, purpose limitation, data minimisation, and data subject rights.
• Ability to review policy documents and identify gaps or areas of concern.
• Foundational knowledge of information security concepts including access controls, encryption, and incident management.
• Proficiency in Microsoft Office tools including Word and Excel for documentation and reporting.
• Ability to learn and apply structured audit methodologies under guidance.

Behavioural Competencies

• Eagerness to learn and develop specialist expertise in data protection auditing.
• Strong attention to detail and commitment to accuracy in documentation.
• Clear written communication skills with an ability to present information logically.
• Professional conduct and discretion when handling sensitive client information.
• Ability to work effectively as part of a team and follow direction from senior colleagues.
• Good time management and ability to meet deadlines on audit deliverables.

• Assist in the planning and execution of annual and ad hoc data protection audits under the direction of a senior auditor.
• Collect and organise audit evidence from client organisations, including policies, procedures, system configurations, and processing records.
• Support the assessment of compliance with the Data Protection Act No. 3 of 2021, reviewing data processing activities, consent practices, and data subject rights mechanisms.
• Document audit findings, observations, and supporting evidence in working papers.
• Assist in identifying gaps, risks, and non-compliance indicators in data protection practices.
• Draft sections of audit reports, recommendations, and findings summaries under supervision.
• Participate in client interviews and walkthroughs alongside senior auditors.
• Review data protection policies, privacy notices, data processing agreements, and internal procedures for completeness and adequacy.
• Support the promotion of data protection awareness during client engagements.
• Maintain accurate and complete audit working paper files.
• Stay current with developments in data protection law, ODPC guidance, and international best practices.
• Assist in preparing submissions and documentation for ODPC reporting requirements.

• Basic understanding of data protection principles including lawfulness, purpose limitation, data minimisation, and data subject rights.
• Ability to review policy documents and identify gaps or areas of concern.
• Foundational knowledge of information security concepts including access controls, encryption, and incident management.
• Proficiency in Microsoft Office tools including Word and Excel for documentation and reporting.
• Ability to learn and apply structured audit methodologies under guidance.
• Eagerness to learn and develop specialist expertise in data protection auditing.
• Strong attention to detail and commitment to accuracy in documentation.
• Clear written communication skills with an ability to present information logically.
• Professional conduct and discretion when handling sensitive client information.
• Ability to work effectively as part of a team and follow direction from senior colleagues.
• Good time management and ability to meet deadlines on audit deliverables.

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, required.
• Progress toward or completion of at least one of the following certifications is strongly preferred: CISA/, CIPM, CIPP/E, CIPT, CDPSE, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.
• Current or pending membership with the ICT Association of Zambia (ICTAZ).
• Student or affiliate membership with ISACA, IIA, or IAPP is an advantage.
• 1 to 3 years of professional or internship experience in data protection, IT auditing, cybersecurity, compliance, or a closely related field.
• Academic or practical exposure to data protection principles, privacy frameworks, or information security.
• Familiarity with Zambia’s Data Protection Act No. 3 of 2021 is an advantage.
• Exposure to international data protection standards such as GDPR is an advantage.