Information Security

The Challenges of Managing an Information Security Project

As organisations rely more on digital technologies, information security becomes increasingly important. Protecting sensitive data and systems from threats such as cyber attacks, data breaches, and malware is essential to maintain the trust of customers, clients, and stakeholders. However, managing an information security project can be a challenging endeavour. Here are some of the key challenges that organisations face when managing an information security project:

1.     Ensuring compliance with industry regulations and standards: Information security projects must often adhere to a variety of regulations and standards, such as the Australian Cyber Security Centre (ACSC) - Essential Eight, ISO 27001, GDPR in Europe or the PCI DSS for payment card security. Ensuring compliance with these regulations can be a significant challenge, as it requires a thorough understanding of the requirements and a robust process for meeting them.

2.     Managing stakeholders: Information security projects often involve multiple stakeholders, including IT staff, business users, and executives. Managing the expectations and needs of these stakeholders can be difficult, as each group may have different priorities and concerns. Effective communication and project management skills are essential to ensure that the project stays on track.

3.     Managing risk with a robust risk assessment process: Information security projects are typically designed to mitigate risk, but there is always some level of uncertainty involved. Managing risk effectively requires a thorough understanding of the potential threats and vulnerabilities facing the organisation, as well as a robust risk assessment process. This can be challenging, as the threat landscape is constantly evolving and new risks may emerge over the course of the project.

4.     Managing project scope: It is important to define the scope of the information security project clearly and ensure that it stays within budget and schedule. However, scope creep, where the project scope expands beyond the original plan, can be a common challenge. This can occur for a variety of reasons, such as new requirements being added or unforeseen challenges arising. Ensuring that the project stays on track and within scope requires careful planning and management.

5.     Ensuring user adoption: Even the most well-designed information security solutions will not be effective if they are not used properly. Ensuring that users understand and adopt the new security measures can be a challenge, particularly if the changes require significant behaviour changes. It is important to educate users on the importance of the new measures and provide ongoing support to ensure that they are being used correctly.

Managing an information security project is a complex task that requires a range of skills and expertise. By understanding and addressing these challenges, organisations can ensure that their information security efforts are effective and successful.

What is PMaaS?

Project Management as a Service, explained

Project Management as a Service (PMaaS) is a model where organisations access expert project management capability on demand — without hiring full-time staff or engaging a consultancy. JJPH embeds experienced project managers directly inside your team. You get the skills, governance, and delivery rigour when you need them, without the overhead of permanent headcount.

Not a staffing agency

We don't place contractors and walk away. Our PMs are backed by the full JJPH team and accountable for delivery outcomes.

Not a Big 4 consultancy

No slide decks, no partner overhead, no junior staff doing the work. Senior PMs embedded inside your organisation from day one.

Scales with your needs

Start with one PM and expand as your project pipeline grows. Flex up or down without the cost and delay of recruitment.

Common questions about how JJPH works

Straight answers to the questions we hear most from CEOs, COOs, and Heads of Technology before they engage us.

How is PMaaS different from hiring a contractor?

A contractor is an individual working independently. With JJPH, you get an embedded project manager backed by the full JJPH team — including collective delivery expertise, governance frameworks, and leadership oversight. If your PM is unavailable, we cover it. If your project needs specialist input, we bring it. It’s a firm relationship, not a solo hire.

What does an embedded project manager actually do inside our organisation?

They operate as part of your team — attending your standups, managing your stakeholders, owning your project plan, and reporting into your leadership. They’re accountable for delivery, not just coordination. The difference is they bring JJPH’s methodology, tools, and governance from day one rather than needing months to ramp up.

Is PMaaS right for our organisation?

PMaaS works best for organisations that have projects to deliver but don’t want the cost and commitment of full-time PM hires. It suits mid-to-large organisations across banking, housing, construction, technology, and not-for-profit that need delivery rigour without the overhead. If you’re unsure, the Portfolio Map session is the right starting point — it takes 30 minutes and gives you a clear picture.

What methodologies does JJPH use?

Our PMs are certified across Agile, PRINCE2, and Lean Six Sigma. We don’t apply a single methodology to every engagement — we match the approach to the project type, sector, and the way your organisation actually works. Most engagements use a hybrid approach tailored to your delivery environment.

How quickly can JJPH have someone embedded?

Typically within two weeks of agreement. We don’t go through a lengthy recruitment process because our PMs are already part of the JJPH team. Once we understand your project and sector, we match the right person and move quickly.

Can we start small and scale up?

Yes — this is how most client relationships start. Many organisations begin with one PM on a single project, then expand the engagement as they see results. Our land-and-expand model is designed for this. You’re not locked into a large contract upfront.