Vulnerability assessment analyst

Description

We are seeking a highly skilled and motivated Standards and Compliance Assessor to join our team. The Standards and Compliance Assessor will be responsible for conducting independent and comprehensive assessments of the management, operational, and technical security controls within our information technology (IT) systems. This role plays a critical function in ensuring the overall effectiveness of organizational controls, aligning with ISO 27002 and NIST SP 800-37 standards. The successful candidate will have a strong background in information security, compliance, and risk management, coupled with excellent analytical abilities and communication skills.

Responsibilities

• Develop methodologies to monitor and measure risk, compliance, and assurance efforts.
• Establish specifications ensuring adherence to security, resilience, and dependability requirements across software applications, systems, and network environments.
• Draft statements delineating preliminary or residual security risks for system operation.
• Maintain materials pertaining to information systems assurance and accreditation.
• Monitor and evaluate a system's compliance with IT security, resilience, and dependability requirements.
• Assess the effectiveness of security controls.
• Conduct security reviews to identify gaps in security architecture and develop risk management plans.
• Perform risk analysis for applications or systems undergoing significant changes.
• Plan and execute security authorization reviews and develop assurance cases for system and network installations.
• Verify the implementation of application software/network/system security postures, document deviations, and recommend corrective actions.
• Identify applications and operating systems of network devices based on network traffic analysis.

Requirements

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field. Master's degree or relevant professional certifications (e.g., CISSP, CISA, CISM, CRISC) preferred.
• 3-5 years of experience in information security, compliance, or related fields.
• Experience in conducting security assessments, audits, or compliance evaluations.
• Proven track record in developing and implementing risk management strategies and security controls.
• Familiarity with security assessment and authorization processes and relevant standards.
• Proficiency in utilizing security assessment tools and methodologies.
• Strong understanding of network security principles and architectures.
• Experience with vulnerability assessment tools and techniques.
• Knowledge of scripting languages (e.g., Python, PowerShell) is a plus.
• Familiarity with security information and event management (SIEM) systems.
• Experience with cloud security principles and practices is desirable.
• Excellent analytical and problem-solving abilities.
• Strong communication and interpersonal skills.
• Detail-oriented mindset with a focus on accuracy.
• Ability to work independently and collaboratively within a team environment.
• Adaptability and willingness to stay updated with the latest trends in cybersecurity.
• Relevant professional certifications such as CISSP, CISA, CISM, CRISC, or equivalent certifications are highly desirable.
• Additional certifications related to specific technologies or frameworks (e.g., CCNA, CEH, CompTIA Security+) would be beneficial.

Additional Notes

About the Employer:

Open and quality data is a critical asset, translating into national wealth! Developing an advanced and secure environment, enablers, and infrastructure is a necessary precondition for transforming Armenia into an e-society and e-economy.

The Information Systems Agency of Armenia (ISAA) is responsible for ensuring the technological foundations and development of the digital state in RA.

BACKGROUND

The world is currently undergoing a fundamental digital transformation, whereby all aspects of our lives are currently data points. Therefore, the main challenge for governments globally is capitalising on the opportunities created by this vast amount of data, for example in personalised finance or medicine, without jeopardising personal or national security.

The Government of Armenia is firmly committed to embracing the digital agenda by creating the necessary institutional architecture to catalyse building a secure and thriving digital society and economy. Doing so requires the private, especially financial, sector to play a leading role in this process, and the current over-emphasis on e-government alone needs to change. Therefore, our mission is to build the necessary infrastructure and enablers for this digital society and economy, intended for shared use both by the private sector and the Government, with the explicit goal of improving the day-to-day life of Armenian people and businesses.

It is the Government’s perspective that taking on this digitalization endeavour is not a luxury, but a necessity. Recent diagnostics by various international institutions and independent experts have found that further ad-hoc digitalization in Armenia, if taking place without the mentioned enablers and institutional architecture (e.g. digital identity, cybersecurity, data interoperability and governing standards), represents a serious threat to national security.

VISION

Open and quality data is a critical asset, translating into national wealth! Developing an advanced and secure environment, enablers, and infrastructure is a necessary precondition for transforming Armenia into the e-Society and e-Economy. The key mission of the digital society and economy would be to empower the population to continuously improve their lives and wellbeing, provide opportunities for the private sector to enhance competitiveness, and ensure greater efficiency and good governance of public institutions through the development and widespread use of ICT solutions built around citizen experience and lifecycle. These imply Seamless, Proactive, Convenient and Personalised services.