Cybersecurity Change Management Role Overview
The Cybersecurity Change Management Analyst is responsible for governing, coordinating, and validating changes made to security-critical infrastructure, including firewalls, servers, cloud workloads, security platforms, endpoints, and network systems.
The analyst should work closely with requestors, cyber teams and other stakeholders to ensure that all changes are assessed for risk, follow proper approval workflows, meet policy standards, and support stable, secure operation. This is a hands-on process governance and coordination role, ideal for someone with strong technical fundamentals and a passion for structured change control.
Key Responsibilities
- Governance & Policy Oversight
  - Good understanding of cybersecurity policy and standards (e.g., Cybersecurity Policy Suite (CPS) Standards and Specifications).
- Change Management Execution
  - Apply structured methodologies to lead change management activities across cybersecurity initiatives.
  - As coordinator, be able to represent technology-related changes at the CAB (Infrastructure/Application Change Approval/Advisory Board).
  - Report change status to the respective stakeholders after CAB meetings.
  - Develop and maintain productive relationships with key engagement team contacts, i.e., stakeholders and management.
  - Conduct impact analyses, assess change readiness, and identify key stakeholders.
  - Develop and implement strategies to maximize adoption and minimize resistance to cybersecurity changes.
  - Exceptional communication skills, both written and verbal.
- Risk Management Integration
  - Collaborate with risk liaisons and business units to ensure remediation plans are in place for critical and high risks.
  - Track and report on remediation timelines using frameworks like ERD (Expected Remediation Date) and ERT (Expected Remediation Timeframe).
  - Flag risks with dependencies and escalate where necessary to secure executive sponsorship.
- Communication & Training
  - Enable the design and delivery of communications and training programs to support change adoption.
  - Coach senior leaders and managers to fulfil their roles as change sponsors.
- Compliance & Audit Support
  - Ensure changes align with regulatory requirements and internal standards (e.g., NIST, ISO 27001).
  - Support audit readiness and documentation for risk closure, especially for tech debt-related risks.
Qualifications & Skills
- Bachelor's or master's degree in Cybersecurity, Information Systems, or related field.
- Certifications such as CISSP, CISM, PMP, or ITIL are highly desirable.
- 2+ years of experience.
- Strong understanding of cybersecurity frameworks, risk analysis, and change management methodologies.
- Excellent communication, leadership, and stakeholder management skills.