Department: Acopian Center for the Environment (ACE)

Contract type: Service contract

Job location: Yerevan

Application deadline: 12/01/2024

The American University of Armenia (AUA) is seeking a Research Data (Information) Securityand Protection 1 Assessment to evaluate its current data security and protection posture,identify potential vulnerabilities, and recommend improvements to protect personal, sensitive,and critical information. The assessment will cover all aspects of research data security andprotection, including technology, procedures, and policies. More specifically, the assessmentobjectives are:

• Identify potential vulnerabilities in AUA’s data security and protection infrastructure,specifically as applied to research data and information as it relates to EU research andprogram funding, specifically, but also non-externally funded research such as thosecarried by AUA’s Institutional Research Office (IRO).
• Assess AUA’s compliance with existing international data security and protectionstandards, including GDPR.
•  Provide an action plan for enhancing AUA’s data security and protection, particularly forresearch and programs funded by the EU and the United States.

Responsibilities

The consultant will conduct the following tasks to meet the objectives of the assessment beingsolicited.

• Risk Identification: Identify and categorize potential risks to data security (data security architecture, infrastructure, storage, controls, and measures) and protection, includingthreats and vulnerabilities.
• Risk Analysis: Evaluate the likelihood and impact of identified risks.
• Risk Mitigation: Review current risk management strategies and suggest improvements.

Data Protection Policies and Procedures

• Policy and procedure Review: Examine existing data protection policies and proceduresfor adequacy and effectiveness.
• Review of policy and procedure enforcement mechanisms. 
• Compliance Check: Ensure alignment with relevant data security and protection withrespect to national legislation and international standards, including GDPR.
• Recommendations on policies and procedures: Provide recommendations for policy andprocedure enhancements or new policy development.

Deliverables

• Assessment Report: A detailed report outlining findings, vulnerabilities, andrecommendations.
• Executive Summary: A high-level summary of key findings and recommendations forsenior management.
• Action Plan: A prioritized action plan for addressing identified issues and enhancing datasecurity and protection to comply with relevant international standards and GDPR,particularly to comply with the

Requirements

Qualifications:

• Expertise in data protection policies and frameworks (international best practices)
• In-depth familiarity with GDPR
• Excellent skills in writing reports in English
• Excellent skills in developing action plans
• Availability to present and discuss results with stakeholders

Additional information

Please apply here.

AUA is an equal opportunity employer and is committed to an active non-discrimination program within the institution 

---