Information Security Risk Manager

Information Systems Agency of Armenia

- Develop and implement an Information Security Management System (ISMS) for the Information Systems Agency of Armenia - Design and execute risk-avoidance and risk-mitigation strategies to strengthen cybersecurity resilience - Identify and assess emerging risks, including regulatory changes affecting public and private sector projects, and develop policies and tools for proactive risk management - Evaluate compliance risks for critical infrastructure operators through systematic identification, analysis, and assessment - Establish standardized risk management and communication frameworks to improve reporting and decision-making - Analyze security reports to identify vulnerabilities and recommend effective risk remediation strategies - Provide strategic guidance to public and private organizations on implementing cybersecurity requirements - Facilitate cross-sector information sharing on policy developments, technical challenges, and best practices

- Bachelor’s Degree in Computer Science, Information Security, or a related field - 5+ years of prior information security systems or IT risk management experience - Expert knowledge of information security management systems and procedures - Knowledge of frameworks necessary to standardize processes and support risk management - Strong technical background with the ability to develop IT security concepts and evaluate them - Knowledge of IT supply chain risk management policies, requirements, and procedures - Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth) - Knowledge of network traffic flow (e.g., TCP/IP, OSI model, ITIL) - Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, SQL injections, etc.) - Ability to interpret application vulnerability assessments and security system vulnerabilities using tools (e.g., fuzzing, nmap, etc.) - Knowledge of penetration testing principles and tools, and the ability to apply this knowledge - Knowledge of applicable policies, regulations, and compliance documents specific to cyber defense auditing - Strong analytical and problem-solving skills - Excellent communication skills - Professional qualifications in Information Security and Risk, e.g., CISSP, ISO27001 Lead Auditor/Implementor, or CRISC

To apply for the position, please send your CV to hr@isaa.am. Applicants who meet most of the requirements will have an advantage during the selection process. Please mention in your application that you have learned about this position from MyJob.am