Information Security Risk Manager

March 17, 2025

About Us

The Information Systems Agency of Armenia is supporting the creation of the Armenian e-society. In leadership with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the “Digital Architecture of Armenia,” a Government-approved approach that places interoperability, security, and high-quality service delivery as its core pillars. Our team consists of technology and policy-making specialists from various sectors, and we work transparently, engaging both the public and private sectors to help Armenia realize its goal of becoming a truly electronic society.

About You

We are seeking an experienced Information Security Risk Manager to join our dynamic team. In this role, you will be responsible for leading and managing the Risk Management Team, focusing on cybersecurity risks at the national level. You will work to strengthen Armenia’s cybersecurity resilience, develop risk management strategies, and ensure compliance with regulatory requirements across public and private sector projects. If you are passionate about enhancing national security infrastructure and have a strong background in information security and risk management, we invite you to apply.

Job responsibilities

Risk Management and Strategy Development

  • Develop and implement an Information Security Management System (ISMS) for the Information Systems Agency of Armenia.
  • Design and execute risk-avoidance and risk-mitigation strategies to strengthen cybersecurity resilience.
  • Identify and assess emerging risks, including regulatory changes affecting public and private sector projects, and develop policies and tools for proactive risk management.
  • Evaluate compliance risks for critical infrastructure operators through systematic identification, analysis, and assessment.
  • Establish standardized risk management and communication frameworks to improve reporting and decision-making.
  • Analyze security reports to identify vulnerabilities and recommend effective risk remediation strategies.
  • Provide strategic guidance to public and private organizations on implementing cybersecurity requirements.
  • Facilitate cross-sector information sharing on policy developments, technical challenges, and best practices.

National Cybersecurity Risk Management

  • Standardize national cybersecurity baseline controls to protect civilian critical infrastructure.
  • Provide national-level guidance and training on implementing cyber defense policies, security configurations, and risk management frameworks.
  • Develop a comprehensive national risk classification framework covering risk acceptance, transfer, avoidance, and mitigation.
  • Identify and address emerging risks, including regulatory changes affecting critical infrastructure.
  • Design national policies and self-assessment tools for organizations to evaluate their cyber risk posture.
  • Lead and manage a team of experts to identify, analyze, and assess control weaknesses in digital infrastructures across public networks.
  • Monitor and measure national cyber risk performance, reporting on maturity and progress.
  • Provide risk management guidance to national stakeholders, helping them prioritize cybersecurity risks.
  • Collaborate with regulators to integrate cybersecurity best practices into regulatory audits.
  • Assess and report on technical and procedural security risk findings and provide remediation actions and solutions.
  • Increase national risk awareness through cybersecurity governance best practices.
  • Analyze the financial, safety, and security impacts of cyberattacks on critical infrastructure organizations.

Required qualifications

  • Bachelor’s Degree in Computer Science, Information Security, or a related field.
  • 5+ years of prior information security systems or IT risk management experience.
  • Expert knowledge of information security management systems and procedures.
  • Knowledge of frameworks necessary to standardize processes and support risk management.
  • Strong technical background with the ability to develop IT security concepts and evaluate them.
  • Knowledge of IT supply chain risk management policies, requirements, and procedures.
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of network traffic flow (e.g., TCP/IP, OSI model, ITIL).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, SQL injections, etc.).
  • Ability to interpret application vulnerability assessments and security system vulnerabilities using tools (e.g., fuzzing, nmap, etc.).
  • Knowledge of penetration testing principles and tools, and the ability to apply this knowledge.
  • Knowledge of applicable policies, regulations, and compliance documents specific to cyber defense auditing.
  • Strong analytical and problem-solving skills.
  • Excellent communication skills.
  • Professional qualifications in Information Security and Risk, e.g., CISSP, ISO 27001 Lead Auditor/Implementer, or CRISC.

To Apply

To apply for the position, please send your CV to hr@isaa.am. Applicants who meet most of the requirements will have an advantage during the selection process.