The Information systems agency of Armenia is supporting the creation of the Armenian e-society. In leadership with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the “Digital Architecture of Armenia,” a Government-approved approach that places interoperability, security, and high-quality service delivery at its core. Our team consists of technology and policy-making specialists from various sectors, and we work transparently, engaging both the public and private sectors to help Armenia realize its goal of becoming a truly electronic society.

As a Cybersecurity Auditor focusing on IT Asset Management and Policy Oversight, you will assess the effectiveness of security controls, validate compliance with baseline requirements, and help organizations translate security policy into practical, measurable implementation.

You will work cross-functionally with technical teams, policy and legal stakeholders, and external partners to improve visibility into assets, risks, and control maturity.

·        Plan and conduct cybersecurity audits and control assurance activities (policy, process, and technical controls) and document findings with clear, risk-based remediation guidance.

·        Support the development and maintenance of baseline cybersecurity controls and assessment criteria aligned with international standards and good practice.

·        Strengthen IT asset management governance: define and assess inventory requirements, ownership/accountability, classification, lifecycle management, and evidence expectations.

·        Assess third-party and supply chain security risks as part of audits and assurance activities, including supplier security requirements and control validation.

·        Maintain and report a consolidated view of control maturity, audit findings, and remediation progress through dashboards and executive summaries.

·        Collaborate with SOC and incident response teams to incorporate lessons learned into updated controls and assurance priorities.

·        Support stakeholder engagement and capacity building (briefings, workshops, guidance) to improve adoption of security policies and audit readiness.

·        5+ years of experience in cybersecurity audit, IT risk management, GRC, or information security assurance.

·        Working knowledge of ISMS concepts and control frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, COBIT, or equivalents).

·        Ability to understand and evaluate technical control evidence (e.g., secure configuration, access control, logging, vulnerability management, network security).

·        Strong analytical and writing skills for producing audit plans, findings, and clear remediation recommendations.

·        Ability to work with diverse stakeholders (technical and non-technical) and manage multiple parallel workstreams.

·        High integrity and discretion in handling sensitive information.

Preferred experience

·        Experience auditing or supporting organizations in regulated or critical infrastructure environments.

·        Experience with IT asset management practices and tooling (CMDB/inventory approaches) and how they support security outcomes.

·        Experience with security metrics, maturity models, and risk reporting for leadership decision-making.

·        Familiarity with EU-aligned cybersecurity concepts (e.g., NIS2) and the role of national guidance and coordination.

·        Professional working proficiency in Armenian and English.

·        Occasional travel to customer site is required.

Certifications we value

Certifications are an advantage. Examples include:

·        CISA (Certified Information Systems Auditor)

·        CRISC (Certified in Risk and Information Systems Control)

·        ISO/IEC 27001 Lead Auditor and/or Lead Implementer

·        CISM or CISSP (depending on seniority and focus)

Please send your CV to hr@isaa.am, ensuring you mention the position name in the subject line of the email.