USA Rare Earth, Inc. is on a mission to become a leading supplier of critical materials enabling the green energy and technology revolution. They are hiring a Senior Technical Project Manager to lead a multi-year cybersecurity and IT compliance transformation, collaborating with various stakeholders to ensure successful execution and operational completion of initiatives.
Responsibilities:
- Own the integrated roadmap for USA Rare Earth's NIST 800-53 r5 remediation program. Maintain timeline, dependencies, milestones, and critical path across initiatives spanning IT, OT, governance, privacy, and physical security
- Run the day-to-day program operating cadence: weekly workstream standups, bi-weekly executive steering committee, monthly CFO and IT Risk Management Board reporting, quarterly board-ready updates
- Operate the SOX ITGC remediation sprint as the highest-priority workstream through 31 December year-end. Coordinate with the Controller, Internal Audit (where present), and the external audit team so that remediation produces evidence that survives walkthroughs and TOC testing
- Maintain the program risk register and plan of action and milestones (POA&M). Surface schedule risks, resourcing constraints, and blockers to executive sponsors before they impact delivery
- Track program budget — committed, accrued, and forecast — against approved capital and operating allocations
- Serve as the primary internal point of contact for outsourced engagements, including the SOX advisory firm, the managed services provider, OT cybersecurity specialists, privacy counsel, identity engineering partners, the IR retainer firm, and annual penetration testing vendors. Drive SOW scoping, deliverable acceptance, and invoice reconciliation
- Partner with the IT Manager and the CISO to translate technical execution requirements into project-managed workstreams with clear owners, dates, and success criteria
- Coordinate with Plant Operations Management to align change windows, maintenance schedules, and security initiatives against the plant's operating schedule. Establish the operating discipline that protects production while still allowing security work to land
- Drive cross-functional initiatives that span HR (personnel security, access agreements, terminations), Legal (vendor contract standards, breach notification, privacy), Procurement (vendor onboarding gates, third-party risk assessments), and Finance (capital planning, ITGC evidence)
- Support the IT risk management function with charter execution, agenda preparation, meeting minutes, action tracking, and risk-acceptance documentation. Operate as the program's secretariat
- Coordinate evidence collection, walkthrough preparation, and remediation tracking for SOX ITGC testing in change management, logical access, computer operations, and supporting areas
- Maintain the policy library lifecycle — owner assignments, annual review cadence, event-driven update triggers, acknowledgment tracking — in coordination with the CISO and policy owners
- Coordinate tabletop exercises, IR retainer engagements, and post-incident lessons-learned documentation
- Support the IT Manager in maturing IT operational practices: ticketing discipline with no walk-up bypass, change advisory board (CAB) execution, asset and configuration management, vendor management, and ITIL-aligned service management hygiene
- Build repeatable program-management practice within USA Rare Earth's IT and security functions — templates, status formats, decision logs — that scale as the organization grows
- Mentor IT and security staff on project-management discipline, dependency management, and audit-grade documentation practices
Requirements:
- Bachelor's degree in Information Technology, Computer Science, Business, or a related field. Master's degree (MBA, MS in Information Security, MS in IT Management) is a plus
- 8+ years of program or project management experience, including at least 4 years leading enterprise-scale IT, cybersecurity, or compliance transformation programs
- Demonstrated experience driving SOX IT general controls (ITGC) remediation inside a publicly traded company. Direct experience coordinating with a Big 4 external audit team is strongly preferred
- Hands-on program-management experience against a recognized cybersecurity control framework (NIST 800-53, NIST CSF, ISO 27001, CMMC, or equivalent). NIST 800-53 r5 experience is strongly preferred
- Demonstrated ability to run multi-vendor programs with concurrent outsourced workstreams (managed service providers, advisory firms, implementation partners) — including SOW scoping, deliverable acceptance, and budget reconciliation
- Working knowledge of IT general controls, identity and access management, change and configuration management, vulnerability and patch management, audit logging, backup and recovery, and incident response. Sufficient depth to challenge vendor and engineering proposals on substance, not only schedule
- PMP, PgMP, PMI-ACP, or equivalent program- or project-management credential
- Excellent written and verbal communication. Comfortable producing audit-grade documentation, executive-level narrative, and board-ready updates against a CFO and audit committee cadence
- Experience in operational technology (OT) environments, ideally manufacturing, mining, energy, or critical infrastructure. Direct exposure to IT/OT segmentation programs is a plus
- Prior experience coordinating tabletop exercises, IR retainer engagements, or annual penetration test scoping and remediation
- Experience with ERP systems, database management, and standard cybersecurity enterprise tool stacks and concepts (EDR, ITDR, Vulnerability Management, Zero Trust Architecture, etc.)
- Familiarity with state privacy laws (CCPA, TDPSA, CPA, VCDPA) and federal frameworks relevant to defense-adjacent and critical-mineral supply chains (CMMC, DFARS, NIST 800-171). Awareness of Defense Production Act and Department of Commerce considerations for rare earth and critical-materials companies is valued
- Ability to translate technical concepts into business terms
- Bias toward documented action — produces meeting minutes, decision logs, risk registers, and status reports that downstream teams reuse rather than rewrite
- Comfort working in ambiguity, in an environment where governance, ownership, and policy are being built in real time
- Disciplined operator — defaults to written, structured, and reviewable artifacts over verbal commitments
- Ability to credibly challenge senior internal stakeholders (IT Manager, CISO, CFO, General Counsel) and external vendors (MSP, implementation partners) on substance while maintaining strong working relationships
- Treats Plant Operations and OT environments as first-class stakeholders rather than secondary IT consumers