The Information systems agency of Armenia is supporting the creation of the Armenian e-society. In leadership with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the “Digital Architecture of Armenia,” a Government-approved approach that places interoperability, security, and high-quality service delivery at its core. Our team consists of technology and policy-making specialists from various sectors, and we work transparently, engaging both the public and private sectors to help Armenia realize its goal of becoming a truly electronic society.

You will own and continuously improve ISAA’s security governance, risk management, and security assurance activities. This includes establishing and operating an information security management system (ISMS), strengthening incident preparedness and response, and partnering with delivery teams so that security enables - rather than slows - progress.

This role works closely with ISAA leadership, IT and engineering teams, product and service delivery teams, legal and policy stakeholders, and AM-CERT and SOC operations.

·        Define and maintain ISAA’s information security strategy, priorities, and multi-year roadmap aligned with the Digital Architecture of Armenia and national cybersecurity goals.

·        Establish, implement, and continuously improve an ISMS aligned with ISO/IEC 27001, including policies, procedures, risk treatment plans, and evidence for assurance activities.

·        Lead security risk management: maintain an enterprise risk register, run risk assessments for programs and services, and drive risk-based remediation planning with accountable owners.

·        Set security architecture principles and review major solution designs (e.g., identity, interoperability, cloud, infrastructure), ensuring security-by-design and privacy-by-design.

·        Oversee vulnerability management, secure configuration baselines, and security monitoring in partnership with the SOC and engineering teams.

·        Ensure ISAA has an effective incident management capability (plans, playbooks, exercises, reporting) and coordinate with AM-CERT during incidents that require national-level response or external coordination.

·        Plan and lead internal and external security assessments and audits; coordinate remediation tracking and executive reporting.

·        Build and promote a security culture through awareness, training, and practical guidance for technical and non-technical teams.

·        Mentor and develop cybersecurity staff; contribute to hiring plans, team structure, and professional development pathways.

·        7+ years of progressive experience in information security, cybersecurity governance, or security engineering, including experience leading programs or teams.

·        Hands-on experience implementing and operating an ISMS (ISO/IEC 27001 or equivalent), including risk assessment and control assurance.

·        Strong knowledge of security governance and risk management frameworks (e.g., ISO/IEC 27001/27005, NIST CSF), and how to apply them pragmatically.

·        Ability to partner with engineering teams on security architecture, secure SDLC, cloud and infrastructure security, and vulnerability management.

·        Demonstrated ability to communicate risk and security decisions clearly to both technical teams and executive stakeholders.

·        Strong writing skills for policies, standards, executive summaries, and audit evidence.

·        High integrity and ability to handle sensitive information responsibly.

Preferred experience

·        Experience supporting national-scale digital services, critical infrastructure, regulated environments, or public sector programs.

·        Experience coordinating incident response with SOC/CERT teams and external stakeholders (e.g., regulators, service providers, vendors).

·        Experience with third-party and supply chain security risk management.

·        Familiarity with privacy and data protection requirements and how they intersect with cybersecurity controls.

·        Professional working proficiency in both Armenian and English.

Certifications we value

We consider certifications as an advantage, not a requirement. Relevant certifications include:

·        CISSP or CISM

·        CRISC or CISA

·        ISO/IEC 27001 Lead Implementer and/or Lead Auditor

·        Cloud security certifications (e.g., CCSP, AWS/Azure security) depending on focus area

Please send your CV to hr@isaa.am, ensuring you mention the position name in the subject line of the email.