Senior Information Systems and Technical Auditor

Job Title: Senior Information Systems and Technical Auditor

Job Purpose

The Senior Internal Auditor is an operational level position in the Internal Audit unit of Infratel, he/she is responsible for the engagement planning, execution, and reporting of operational, compliance, and financial audits as planned in the approved Internal Audit Annual Plan and assist the Manager Internal Audit and Risk (MIAR) in the implementation of the audit plan. Provide sound advisory support to the business to drive improvements in revenue and cost optimization; effectiveness and efficiency, promoting awareness of business risk, examine business processes control improvement, provide assurance that the risk, business continuity management and disaster recovery plans, compliance requirements are operating effectively.

Key Responsibilities

Information System (IS) and Technical Audit Planning

• Participates in the development and implementation of the overall annual Internal audit plan.
• Participate in the formulation of departmental budget and strategy.
• Supports the Manager Internal Audit and risk in the design and implementation of the audit policies, framework, systems, and procedures.
• Develop engagement risk assessment and strategy and audit programs

IS Audit Execution and Management  

• Conduct Information Systems (IS)operational, Technical, governance and compliance audits.
• Perform risk based IS &Technical audits and review of systems, all applications and IS processes in accordance with International Professional Practice Framework (IPPF) for IT audit standards.
• Prepare draft IS audit reports for MIAR review and management action.
• Review IT policies and procedures, evaluation of control effectiveness and cyber and privacy processes.
• Keep abreast with emerging technologies, identify corresponding risks and mitigation plans.
• Provide business support in optimizing the Data Centre technology costs and various project implementation.
• Conduct revenue assurance audits on service provisioning
• Conducts IT audit on technical processes of towers

Business Continuity and Risk Management      

• Support the business in developing and implementing Disaster Recovery Plan procedures.
• Provide management with the assurance on the operational and control effectiveness of the Information Technology Disaster Recovery plan and risk framework.
• Provide guidance on Business and IT management on IT risk management matters, particularly on application and infrastructure security and disaster recovery
• Support in the development of IT related Key Risk Indicators (KRIs).
• Participate in the identification, assessment, and development of risk mitigation strategies on various IT and cyber risks in an advisory capacity

Compliance      

• Perform IT audits in conformity with the International Standards for Professional Practice framework, ISO27001, risk management and business continuity best practices and other standards,
• Keep abreast with ZICTA, ICTAZ ,Bank of Zambia, Data privacy laws and any other relevant laws.
• Supports in the development of relevant IT, Control and Risk related policies and procedures of Infratel.
• Compliance with COBIT 5, ITIL, data privacy laws and other IT regulations and frameworks

Training             

• Conduct Internal control, business continuity and risk awareness training to staff,
• Participate in the mentoring and training audit staff to ensure they are up to date with IT controls and developments affecting Infratel,
• Stay up to date with relevant IT Audit certifications and developments.
• People Management and Relationships
• Supervise audit and risk staff in the absence of the Manager Internal Audit and Risk,
• Actively and professionally interact with the cyber and information security team, risk officer and all auditees,
• Exercise professional diplomacy in communication and conflict resolution always.

Knowledge, Skills, Qualifications and Experience

• Minimum Bachelors’ Degree in Computer science, Telecommunications, Electronics, or relevant business
• Must be certified in either CISA, CRISC, CISM,CSX-P, CISSP, ISO 27001 Lead Auditor or working towards attaining a certification.
• Member of either ISACA, EIZ, and/or IIA
• Minimum of two (2) years practical experience in IT Audits in a fast-paced Information (Data Centre) and Telecommunications sector.