Overview

We are recruiting!

Our client in Lusaka, is looking for a Senior Data Protection Auditor to join their team for a job vacancy within the IT industry.

Senior Data Protection Auditor

Department – Data Protection & Compliance

Purpose of the Role

The Data Protection Auditor is responsible for planning and executing data protection compliance audits across assigned client organisations. The role serves as the primary audit delivery professional, ensuring audits are conducted in line with the Data Protection Act No. 3 of 2021 and the ODPC audit framework. The incumbent will lead fieldwork, assess technical and organisational controls, produce formal audit reports, and provide actionable recommendations to controllers and processors.

Key Responsibilities

• Plan, conduct, and conclude annual and ad hoc data protection audits across public and private sector data controllers and processors.
• Assess compliance levels against the Data Protection Act No. 3 of 2021, including lawfulness, fairness, and transparency of processing activities.
• Evaluate the effectiveness of data protection policies, procedures, and technical/organisational security measures including encryption, access controls, and incident response.
• Identify and document data protection risks, vulnerabilities, and gaps likely to result in non-compliance or data breaches.
• Prepare comprehensive audit reports in line with the ODPC audit report template, including findings, risk ratings, and recommendations.
• Conduct interviews with data controllers, processors, and relevant staff to gather audit evidence.
• Review data processing agreements, privacy notices, consent mechanisms, and data subject rights procedures.
• Deliver presentations of audit findings to client stakeholders and management teams.
• Promote awareness of data protection principles and rights among client stakeholders during audit engagements.
• Maintain organised and complete audit working papers and evidence files.
• Support the organisation’s response to ODPC submissions, including timely delivery of audit reports.

Required Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Law, or a related field.
• At least one cyber security or data protection or privacy certification from the following: CISA, CISSP, CEH, CIPM, CIPP/E, CIPT, CDPO, CDPSE, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.
• Current membership with the ICT Association of Zambia (ICTAZ).
• Membership with ISACA, IIA, or IAPP is a strong advantage.

Required Experience

• Minimum 4 to 6 years of professional experience in at least one of the following: data protection, cybersecurity, IT auditing, data governance, or regulatory compliance.
• Demonstrated experience conducting or supporting formal ICT or data protection audits.
• Proven ability to assess technical security controls such as access management, encryption, and incident response frameworks.
• Familiarity with international data protection standards including GDPR, and their applicability alongside Zambian law.
• Experience producing structured, formal audit reports for management or regulatory review.
• At least two verifiable references from data protection or privacy service engagements within the past two years.

Technical Competencies

• In-depth working knowledge of the Data Protection Act No. 3 of 2021 and local ICT regulations.
• Understanding of data governance frameworks.
• Ability to assess policies, procedures, and technical controls against regulatory requirements.
• Proficiency in audit tools and techniques including risk-based audit methodology.
• Knowledge of data breach identification, notification obligations, and incident response.

Behavioural Competencies

• Strong analytical and critical thinking skills with attention to detail.
• Excellent written and verbal communication skills; ability to write clear, professional audit reports.
• Professional integrity and confidentiality in handling sensitive client information.
• Ability to manage multiple audit engagements simultaneously.
• Client-facing confidence with ability to present findings to senior stakeholders.

• Plan, conduct, and conclude annual and ad hoc data protection audits across public and private sector data controllers and processors.
• Assess compliance levels against the Data Protection Act No. 3 of 2021, including lawfulness, fairness, and transparency of processing activities.
• Evaluate the effectiveness of data protection policies, procedures, and technical/organisational security measures including encryption, access controls, and incident response.
• Identify and document data protection risks, vulnerabilities, and gaps likely to result in non-compliance or data breaches.
• Prepare comprehensive audit reports in line with the ODPC audit report template, including findings, risk ratings, and recommendations.
• Conduct interviews with data controllers, processors, and relevant staff to gather audit evidence.
• Review data processing agreements, privacy notices, consent mechanisms, and data subject rights procedures.
• Deliver presentations of audit findings to client stakeholders and management teams.
• Promote awareness of data protection principles and rights among client stakeholders during audit engagements.
• Maintain organised and complete audit working papers and evidence files.
• Support the organisation’s response to ODPC submissions, including timely delivery of audit reports.

• In-depth working knowledge of the Data Protection Act No. 3 of 2021 and local ICT regulations.
• Understanding of data governance frameworks.
• Ability to assess policies, procedures, and technical controls against regulatory requirements.
• Proficiency in audit tools and techniques including risk-based audit methodology.
• Knowledge of data breach identification, notification obligations, and incident response.
• Strong analytical and critical thinking skills with attention to detail.
• Excellent written and verbal communication skills; ability to write clear, professional audit reports.
• Professional integrity and confidentiality in handling sensitive client information.
• Ability to manage multiple audit engagements simultaneously.
• Client-facing confidence with ability to present findings to senior stakeholders.

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Law, or a related field.
• At least one cyber security or data protection or privacy certification from the following: CISA, CISSP, CEH, CIPM, CIPP/E, CIPT, CDPO, CDPSE, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.
• Current membership with the ICT Association of Zambia (ICTAZ).
• Membership with ISACA, IIA, or IAPP is a strong advantage.