Senior Information System Auditor

  • Full Time
  • Lusaka, Zambia
  • Applications have closed.

INFRATEL

The Senior Information Systems and Technical Auditor (SISTA) is an operational position responsible for providing an independent and objective assurance over the general and application controls and risk management of INFRATEL’s Technology systems, Telecommunications and tower site infrastructure, and networks. This role includes identifying potential risks in systems network and recommending an action plan to prevent security breaches in the technology ecosystem. The SISTA will be involved in the planning, execution of audit procedures and drafting internal Information Systems and Technical audit reports for the attention of the Head of Internal Audit and Risk. Responsibilities will further include supporting the Risk and Business Continuity Officer in the coordination and implementation of the risk assessment, cyber risks, business continuity management, awareness training and disaster recovery plan.

Key Responsibilities
Information System (IS) and Technical Audit Planning
  • Participates in the development and implementation of the overall annual Internal audit plan.
  • Participate in the formulation of departmental budget and strategy.
  • Supports the Manager Internal Audit and risk in the design and implementation of the audit policies, framework, systems, and procedures.
  • Develop engagement risk assessment and strategy and audit programs.
IS Audit Execution and Management
  • Conduct Information Systems (IS) operational, Technical, governance and compliance audits.
  • Perform risk based IS & Technical audits and review of systems, all applications and IS processes in accordance with International Professional Practice Framework (IPPF) for IT audit standards.
  • Prepare draft IS audit reports for MIAR review and management action.
  • Review IT policies and procedures, evaluation of control effectiveness and cyber and privacy processes.
  • Keep abreast with emerging technologies, identify corresponding risks and mitigation plans.
  • Provide business support in optimizing the Data Centre technology costs and various project implementation.
  • Conduct revenue assurance audits on service provisioning.
  • Conducts IT audit on technical processes of towers.
Business Continuity and Risk Management
  • Support the business in developing and implementing Disaster Recovery Plan procedures.
  • Provide management with the assurance on the operational and control effectiveness of the Information Technology Disaster Recovery plan and risk framework.
  • Provide guidance on Business and IT management on IT risk management matters, particularly on application and infrastructure security and disaster recovery.
  • Support in the development of IT related Key Risk Indicators(KRIs).
  • Participate in the identification, assessment, and development of risk mitigation strategies on various IT and cyber risks in an advisory capacity
Compliance
  • Perform IT audits in conformity with the International Standards for Professional Practice framework, ISO 27001-2022, risk management and business continuity best practices and other standards,
  • Keep abreast with ZICTA, ICTAZ, Bank of Zambia, Data privacy laws and any other relevant laws.
  • Supports in the development of relevant IT, Control and Risk related policies and procedures of Infratel.
  • Compliance recent IT Governance Standards, ITIL, data privacy laws and other IT regulations and frameworks
Training
  • Conduct Internal control, business continuity and risk awareness training to staff,
  • Participate in the mentoring and training audit staff to ensure they are up to date with IT controls and developments affecting Infratel,
  • Stay up to date with relevant IT Audit certifications and developments.
People Management and Relationships
  • Supervise audit and risk staff in the absence of the Manager Internal Audit and Risk,
  • Actively and professionally interact with the cyber and information security team, risk officer and all auditees,
  • Exercise professional diplomacy in communication and conflict resolution always.
  • Minimum bachelor’s degree in computer science, Telecommunications, Electronics, or relevant business
  • Must either be a Certified Information Systems Auditor or Certified Data Centre Audit Professional (CDCAP)or ISO 27001 Lead Auditor.
  • CRISC, CISM, CSX-P, CISSP will bean added advantage.
  • Member of either ISACA, EIZ, and/or IIA Zambia
  • Technical knowledge in IT audits, risk, Telecommunications, tower site management, and security
  • Good knowledge of various IT and software development frameworks and cycle
  • Good knowledge of Cybersecurity and related controls
  • Good knowledge of various frameworks such as COBIT 5 and ITIL
  • Good knowledge of Data Centre operations
  • Good knowledge IT Disaster Recovery processes
  • leadership and management skills.
  • Ability to collaborate and work with a team.
  • Strong oral and written communication skills.
  • Excellent interpersonal skills to professionally interact with HoDs and staff.
  • Strong business acumen applied to execution of IT audits.
  • Good risk and Project Management skills.
  • Logical thinking and problem solving
  • Highly proven ethical conduct and free from criminal record; and
  • Attention to detail with tenacity for identifying the root cause of audit findings.
  • Uphold strong professional and ethical values which includes confidentiality, integrity, professional due care.
  • Minimum of three (3) years practical experience in IT Audits in a fast-paced Information (Data Centre) and Telecommunications sector.
  • Minimum of two (2) years External Information Systems Audit Experience is added advantage.
Share this with Family and Friends