Junior Data Protection Auditor (Entry-Level)

About the role

A specialist compliance firm in Zambia is seeking an entry-level Junior Data Protection Auditor to support senior auditors on genuine client engagements. The role is focused on privacy and data protection work within the framework of the Data Protection Act No. 3 of 2021 and the ODPC licensed-auditor system. It offers practical exposure to audit fieldwork, evidence gathering, policy evaluation, report preparation, and ongoing mentorship for someone looking to build a career in this niche.

Key responsibilities

• Help plan and carry out scheduled and one-off data protection audits under the guidance of a senior auditor.
• Gather, sort, and manage audit evidence from client teams, including policies, procedures, system settings, and records of data processing.
• Contribute to compliance checks against the Data Protection Act No. 3 of 2021, with attention to processing activities, consent handling, and the mechanisms used to support data subject rights.
• Record observations, findings, and evidence in audit working papers and prepare draft portions of audit reports for review.
• Examine privacy notices, data protection policies, data processing agreements, and related internal procedures to confirm they are complete and fit for purpose.
• Support client awareness efforts by helping communicate data protection obligations and good practices during engagements.
• Keep up to date with changes in privacy legislation, ODPC guidance, and relevant global standards.
• Assist with documentation and submissions required for ODPC reporting.

Mandatory requirements

The employer is looking for a candidate with a bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a similar discipline. You should have 1 to 3 years of professional or internship experience in data protection, IT auditing, cybersecurity, compliance, or a closely related area. Membership with the ICT Association of Zambia (ICTAZ), either current or pending, is required. A solid foundation in data protection principles is also necessary, including lawfulness, purpose limitation, data minimisation, and data subject rights, along with familiarity with the Data Protection Act No. 3 of 2021 and local ICT rules.

Preferred profile

• Progress toward, or completion of, certifications such as CISA, CIPM, CIPP/E, CIPT, CDPSE, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.
• Student or affiliate membership with ISACA, IIA, or IAPP.
• Exposure to international privacy requirements such as GDPR.

Technical competencies

• Ability to examine policy documents and spot gaps or concerns.
• Basic understanding of information security topics such as access control, encryption, and incident handling.
• Comfort using Microsoft Word and Excel for documentation and reporting.
• Capability to learn and follow structured audit methods with supervision.

Behavioural competencies

• Strong motivation to develop expertise in data protection auditing.
• Careful, accurate approach to documentation and records.
• Professionalism and discretion when dealing with sensitive client information.

Additional information

This position is based in Lusaka, Zambia and requires on-site work. It is open to Zambian nationals only, in line with regulatory and local-content commitments. The work language is English. This is a full-time role.