Cybersecurity Change Management & Communications Manager

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Strategy & Corporate Development

Job Sub Function:

Change Management

Job Category:

Professional

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil

The Johnson & Johnson Information Security Risk Management (ISRM) team is seeking a highly motivated and dynamic individual for a Cybersecurity Change Management & Communications Manager position to lead adoption of cybersecurity initiatives within ISRM, minimize operational disruption from security changes, and ensure clear, timely communications to technical and non-technical stakeholders.

This role combines change management discipline, communications strategy, and cybersecurity domain knowledge to drive secure behavior, accelerate program adoption, and sustain risk-reducing changes across the organization.

In this role, you will design and execute change management strategies for cybersecurity programs and create and deliver targeted communication plans supporting the rollout of cybersecurity programs, including messaging about security initiatives and impacts, incident communications coordination, and stakeholder engagement across technical and non-technical audiences.

This role requires an articulate self-starter, highly comfortable in facilitating cross-stakeholder teams towards identifying change impacts and risks, communicating those changes and risks with leadership, and capturing measurements showing process adoption and effectiveness.

• Develop and execute an end-to-end change management approach for technical cybersecurity changes, including stakeholder identification, impact assessments, and communication planning.
• Collaborate with ISRM leadership and project teams to align change strategies with organizational goals.
• Develop change management roadmap, including milestones, timelines & deliverables.
• Prepare and present reports on change management activities and outcomes to senior leadership and stakeholders.
• Coordinate translation of communication documents into various languages.

• Develop executive-level presentations and reports on change progress and outcomes.
• Ensure all communication materials are accurate, accessible, and translated as needed.
• Create clear, targeted communication packages (FAQs, playbooks, transition guides) for technical changes.
• Prepare executive-level security communications and presentations.
• Create targeted security communications and ad-hoc security communications for internal and external audiences.

• Track and report adoption metrics, stakeholder engagement, and overall change effectiveness.
• Identify resistance points and implement mitigation strategies.
• Conduct lessons learned sessions to continuously improve change processes.
• Reduction in security-related helpdesk tickets after rollouts (or resolution time)
• Number of change-related incidents or rollback events

• Build strong relationships with cross-functional teams and senior leaders to drive buy-in
• Serve as a trusted advisor on change management best practices for technical initiatives
• Conduct lessons learned assessments to evaluate the success of rolled-out changes and identify areas for improvement.
• Resolve resource constraints and dependencies across multiple workstreams
• Ensure adherence to J&J established processes (Nexus, Product and Service Model, etc.)
• Deliver presentations to senior leadership, management, and team members

• Bachelor’s degree in information security, Communications, IT, or related fields
• 5+ years of experience in change management, communications, or program management, with at least 2–3 years focused on cybersecurity or IT security initiatives
• Demonstrated success creating measurable change and communications plans for technical initiatives across large, matrixed organization
• Organizational sensitivity and risk-awareness
• Familiarity with ADKAR methodology and technical environments
• Strong written and verbal communication skills with the ability to translate technical security topics for non-technical audiences
• Experience working with cross-functional teams including Security Operations, IT, Risk & Compliance
• Ability to simplify complex technical concepts for diverse audiences
• Experience managing change in fast-paced, global organizations.
• Self-motivated and able to lead independently

• Preferred working history in life-sciences
• Knowledge of Cybersecurity or other Security and Compliance experience
• Working knowledge of JIRA
• Basic project management skills and familiarity with Agile delivery approaches.
• Data-driven mindset; ability to produce and interpret adoption dashboards and metrics.
• Familiarity with security frameworks and controls (NIST CSF, ISO 27001, CIS Controls).
• Experience with communication and collaboration platforms (e.g., Microsoft 365, Slack, SharePoint, LMS, email marketing platforms).
• Certifications (Prosci Certified Change Practitioner, ACMP, or equivalent change-management certification) a plus
• Security certifications such as CISSP, CISM, or CompTIA Security+ (preferred but not required)

• Alliance Formation
• Benchmarking
• Business Case Modeling
• Business Model Innovation
• Change Management
• Coaching
• Communications Measurement
• Financial Modeling
• Impact Reporting
• Organizational Change Management
• Process Improvements
• Self-Awareness
• Stakeholder Engagement
• Strategic ChangeStrategic Thinking
• Technical Credibility
• Training People