Change Manager - Cyber Security

emagine is looking for a Cybersecurity Change Management, Communication & Awareness Consultant

Assignment description

The client's cybersecurity department is running several transformation initiatives and security projects that impact processes, tools and behaviours across the organisation. Their success depends on user adoption, clear communication and a stronger security culture. At the same time the cyber organisation itself is evolving, and communication and change management are becoming key to building a cyber culture within the company.

The consultant supports the department across three complementary workstreams and is expected to operate across all three throughout the engagement.

Allocation: 100%
Duration: 12 months
Location: Remote, with occasional on-site presence in Sweden
Language: English (working language). Spanish and French a plus.

Workstream 1 – Change Management for cybersecurity initiatives
Lead the change management activities for the cybersecurity projects in progress and the wider department transformation. Map stakeholders and assess the people, process and tooling impacts of each initiative. Define and maintain change management plans (adoption roadmaps, communication and training needs) aligned with project milestones. Identify and manage resistance, and design mitigation and engagement actions for impacted populations. Set up and animate a change/ambassador network to relay messages and accelerate adoption. Coordinate with project leads, the CISO office and business stakeholders. Define and track adoption indicators and report progress to project and department governance.

Workstream 2 – Cybersecurity communication
Own and elevate the cybersecurity communication channels and campaigns. Manage, structure and keep up to date the cybersecurity SharePoint/intranet space (content, navigation, governance). Build and maintain an editorial calendar. Design and run communication campaigns (e.g. policies, phishing, secure behaviours, incident lessons learned). Produce engaging content and templates (newsletters, announcements, visuals, FAQs) consistent with brand and editorial guidelines. Coordinate with internal communications, HR and brand teams. Measure reach and engagement and iterate accordingly.

Workstream 3 – Awareness: review, strategy 2027–2030 & 2026 quick wins
Assess the current awareness program (content, channels, coverage, frequency, KPIs), benchmark against good practice and identify gaps and maturity level. Define a multi-year strategy for 2027–2030 covering objectives, target audiences and segmentation, messaging, channels, learning formats, governance, success metrics and indicative budget. Define and help deliver short-term, high-impact actions during 2026, with particular focus on Cybersecurity Awareness Month ("Cyber Month", October 2026) – campaign concept, activities, content and engagement mechanics. Propose a KPI/metrics framework to measure awareness maturity and behavioural change over time.

Requirements

• 8+ years in change management and/or internal communication, ideally in IT/cyber/risk

• Track record designing and running awareness or behaviour-change programs

• Strong content production (writing, editorial, visuals) and stakeholder management

• Ability to define KPIs and measure adoption and engagement

• Solid understanding of cybersecurity fundamentals and human-risk topics (no deep technical engineering required)

• Proficiency with SharePoint/intranet management and common communication and design tools

• Excellent facilitation and influencing skills

• Autonomous, structured and able to manage several workstreams in parallel

• Fluent English

Nice to have

• Spanish and French

• Experience with awareness/phishing-simulation platforms

Technical environment
SharePoint/intranet. Communication and design tools (newsletters, visuals, templates). Awareness/phishing-simulation platforms (an asset). Familiarity with cybersecurity human-risk topics.