avatarMelanie Wijeratna

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

1877

Abstract

e organization</li><li>Communicate the importance of role-modeling the change, and encourage senior leaders to participate and support the change</li><li>Cultivate management support of the project</li><li>Ensure alignment of expectations among <a href="https://www.prosci.com/resources/articles/clarc-the-role-of-people-managers-in-change-management">people managers</a></li><li>Clarify roles</li><li>Solicit and openly receive management feedback”</li></ul><p id="29dd">This is really important, as there is usually another role, in people change management, that is confused for exactly this same work. And that’s the Change Champion.</p><figure id="699d"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*AKXyvcA5_WmzoU72"><figcaption>Photo by <a href="https://unsplash.com/@xiaowuuuuuuu?utm_source=medium&amp;utm_medium=referral">Le Vu</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h2 id="0f1f">Change Champion vs Sponsor Coalition</h2><p id="c10b">Ok so Change Champions are theoretically, a network of really engaged, vivacious employees who are going to go around and <i>champion </i>the change (information security) around the organization. In my experience as a People Change Manager, what actually happens, is a change agent network is authorized and approved by the sponsor — and this network is then delegated the above work, starting with engaging the organization, all the way to soliciting and openly receiving management feedback.</p><p id="1e38">The problem with this approach is it usually grinds the the entire change strategy to a halt. Why?</p><p id="4f43">Have you ever seen a change champion volunteer for the role?</p><p id="d190">No me neither. And I’m a People Change Manager.</p><p id="39fd">Across the board, what I have seen is change champions are voluntold for

Options

the role, by management. Which means they are junior employees. Which means, they have little to no formal or informal authority. Which means when they try to engage across the organization, communicate the importance of role-modeling the change, all the way to soliciting feedback, very few people pay attention. Because those junior employees aren’t paying their paycheques. The way an executive sponsor likely is (or has direct influence over). There’s no WIFFM for anyone to listen to change champions.</p><p id="01ba">But there is, when you have an influential subset of leaders across the organization. Or what’s called a sponsor coalition.</p><p id="be66">See, the thing about sponsor coalitions is it’s actually them who are going to quickly spot the potential barriers to your information security program, upfront. They can talk to the middle managers, who will be able to identify the cultural and procedural changes, that might be needed.</p><p id="a31d">And they can build Awareness for, or socialize the importance of, your information security program. But Awareness is a story for another day.</p><figure id="fb88"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*s_sOpipNx_XufH0H"><figcaption>Photo by <a href="https://unsplash.com/@jjying?utm_source=medium&amp;utm_medium=referral">JJ Ying</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><p id="261e">The greatest success factor for effectively managing information security, is effective business relationships. When you help put together a sponsor coalition, vs. just using a change champion network, you’re helping your information security program have a far better chance of doing what it’s supposed to do — protect your company from losing millions in a ransomware.</p><p id="478e">Happy leadership.</p></article></body>

The power of influential leaders in cybersecurity

Change champions vs a Sponsor coalition

The greatest success factor for effectively managing information security, is effective business relationships. Support for information security, from senior managers, is essential for an effective security program. This requires developing good relationships throughout the enterprise and particularly with influential managers (ISACA).

Photo by Michael on Unsplash

So important, and easier said than done. To help build good business relationships, PROSCI has an article titled 5 Ways to Help Sponsors Build a Coalition of Support for Change. And right off the bat, Lisa Kempton hits the nail right on the head:

“One of the key roles of sponsors during any change is to build a coalition of support among important stakeholders in the organization. With such a coalition, organizational changes are far more likely to succeed.

Lisa goes on to address the importance of why it needs to be leaders who do this. Leaders need to be Active, Build a coalition of support, and Communicate directly with employees (the ABC’s of Effective Sponsorship).

Some of the things that a sponsor coalition will do for your information security program are:

  • “Engage across the organization
  • Communicate the importance of role-modeling the change, and encourage senior leaders to participate and support the change
  • Cultivate management support of the project
  • Ensure alignment of expectations among people managers
  • Clarify roles
  • Solicit and openly receive management feedback”

This is really important, as there is usually another role, in people change management, that is confused for exactly this same work. And that’s the Change Champion.

Photo by Le Vu on Unsplash

Change Champion vs Sponsor Coalition

Ok so Change Champions are theoretically, a network of really engaged, vivacious employees who are going to go around and champion the change (information security) around the organization. In my experience as a People Change Manager, what actually happens, is a change agent network is authorized and approved by the sponsor — and this network is then delegated the above work, starting with engaging the organization, all the way to soliciting and openly receiving management feedback.

The problem with this approach is it usually grinds the the entire change strategy to a halt. Why?

Have you ever seen a change champion volunteer for the role?

No me neither. And I’m a People Change Manager.

Across the board, what I have seen is change champions are voluntold for the role, by management. Which means they are junior employees. Which means, they have little to no formal or informal authority. Which means when they try to engage across the organization, communicate the importance of role-modeling the change, all the way to soliciting feedback, very few people pay attention. Because those junior employees aren’t paying their paycheques. The way an executive sponsor likely is (or has direct influence over). There’s no WIFFM for anyone to listen to change champions.

But there is, when you have an influential subset of leaders across the organization. Or what’s called a sponsor coalition.

See, the thing about sponsor coalitions is it’s actually them who are going to quickly spot the potential barriers to your information security program, upfront. They can talk to the middle managers, who will be able to identify the cultural and procedural changes, that might be needed.

And they can build Awareness for, or socialize the importance of, your information security program. But Awareness is a story for another day.

Photo by JJ Ying on Unsplash

The greatest success factor for effectively managing information security, is effective business relationships. When you help put together a sponsor coalition, vs. just using a change champion network, you’re helping your information security program have a far better chance of doing what it’s supposed to do — protect your company from losing millions in a ransomware.

Happy leadership.

Cybersecurity
Leadership
Business
Technology
Money
Recommended from ReadMedium