IT Security Change Manager and Awareness Specialist

Rochester, NY


General Purpose:

The IT Security Change Manager and Awareness Specialist will be responsible for managing the communications and change management processes associated with the implementation of security-related changes within the organization. They analyze the potential impact of proposed changes, determine the associated risks, and develop a plan to implement the changes in a timely manner, while minimizing disruption to the business. The Security Change Manager and Awareness Specialist must have a solid understanding of IT infrastructure, security policies and procedures, and compliance regulations. They work closely with IT teams, business stakeholders, and other security professionals to balance the security needs of the organization with the impact to the users. The Security Change Manager must possess excellent communication, analytical, and planning skills and be able to communicate complex technical information to non-technical stakeholders.

The IT Security Change Manager and Awareness Specialist professional is also responsible for promoting and improving cybersecurity awareness among employees, contractors, and partners within the University. They work to develop and deliver security awareness training programs to ensure that everyone in the organization understands the importance of cybersecurity and knows how to protect sensitive data and information. The Security Awareness Specialist must stay up to date with the latest cybersecurity threats, technologies, and best practices to continuously improve their training programs. They also play a key role in identifying new awareness campaigns needed to address new risks to the University. The ideal candidate for this role should have a strong background in cybersecurity and training, possess excellent communication and interpersonal skills, and be able to work collaboratively with a wide range of stakeholders across the organization.


Change Management Process:

  • Determines scope of the a change, through collaboration with the executive project sponsor, key stakeholders, users, and technical/business analysts

  • Manage the awareness and user impact of implementing security-related changes within an organization

  • Assess the impacts of proposed changes

  • Determine the risks associated with the changes

  • Develop detailed plans for implementing security changes

Training and Awareness:

  • Establish strong partnerships with operational leaders and business unit subject matter experts

  • Develop and deliver cybersecurity awareness training programs to workforce members

  • Design training materials and presentations on cybersecurity best practices

  • Ensure that training materials are up-to-date and effective

  • Ensure that all cybersecurity awareness training programs are compliant with relevant laws, regulations, and industry standards

  • Develop metrics and reporting mechanisms to track and assess the effectiveness of cybersecurity awareness training programs

Communications and Documentation:

  • Makes presentations to project management team members and IT staff

  • Document the risks and mitigations associated with changes

  • Drafts user communications in conjunction with University Communication’s teams

  • Develops and delivers presentations to on proposed changes to Leadership, end users, and communities of interest

  • Works closey with the Universities Communication’s teams to ensure that internal web sites contain current, relevant security information

Project and Portfolio Planning

  • Works with the Security Program Managers to plan project timelines in order to minimize business disruption

  • Maintains awareness of each of the Security team’s projects and initiatives and seeks to create a cohesive, unified tone and message from the Security team

  • Participates in roadmap planning sessions to ensure our user-impacting changes are balanced over time


  • Participates effectively as a "Team Member".

  • Stay up-to-date with the latest regulatory requirements and industry best practices

  • Serves on committees and attends meetings as requested.

  • Follows all administrative standards (such as timely time sheet preparations, completing time away requests, completing annual mandatory educational requirements, etc.).

  • Adheres and subscribes to University Values.

Other duties as assigned.


  • Bachelor's degree in related discipline such as Business Administration, Information Technology, or other related field required

  • 4-5 years of experience in change management or cybersecurity or a combination of both required

  • Strong understanding of IT infrastructure and security policies and procedures required

  • Excellent leadership, communication (written and verbal), presentation, analytical and problem solving skills required

  • Ability to communicate complex technical information to non-technical stakeholders required

  • Strong planning and organizational skills required

  • Exhibits managerial courage. Willing to take calculated risks and to speak up for the best interests of the project team preferred

  • Professional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Change Management Institute (CMI) or Association of Change Management Professionals (ACMP) preferred

The University of Rochester is committed to fostering, cultivating, and preserving a culture of equity, diversity, and inclusion to advance the University’s mission to Learn, Discover, Heal, Create – and Make the World Ever Better. In support of our values and those of our society, the University is committed to not discriminating on the basis of age, color, disability, ethnicity, gender identity or expression, genetic information, marital status, military/veteran status, national origin, race, religion/creed, sex, sexual orientation, citizenship status, or any other status protected by law. This commitment extends to the administration of our policies, admissions, employment, access, and recruitment of candidates from underrepresented populations, veterans, and persons with disabilities consistent with these values and government contractor Affirmative Action obligations.

How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled

Pay Range

Pay Range: $ 65,000 - $135,000 Annually

The referenced pay range represents the minimum and maximum compensation for this job. Individual annual salaries/hourly rates will be set within the job’s compensation range, and will be determined by considering factors including, but not limited to, market data, education, experience, qualifications, expertise of the individual, and internal equity considerations.

Location: Central Administration
Full/Part Time: Full-Time
Opening: Full Time 40 hours Grade 055 University IT / IS
Schedule: 8 AM-5 PM