Senior Technical Project Manager

USA Rare Earth, LLC•Remote (OK, US), MO

2d•Onsite

About The Position

USA Rare Earth is hiring a Senior Technical Program Manager (TPM) to lead end-to-end execution of a multi-year cybersecurity and IT compliance transformation, anchored by SOX year-end readiness and a NIST 800-53 r5 remediation roadmap spanning 24 prioritized initiatives across corporate IT, operational technology (OT) at mining and processing sites, governance, privacy, and physical security. The TPM partners with the (incoming) Chief Information Security Officer, the IT Manager, the CFO, the General Counsel, and Plant Operations leadership to drive concurrent initiatives through to operational completion and audit-defensible evidence. The role is high-visibility and cross-functional; it is the operational spine that allows security and IT to deliver on a complex remediation plan while the plant operates on a 24/7 schedule and the company prepares for its next ITGC audit cycle. This is not a people-management role over a large IT staff. It is a program-leadership role that creates timeline, dependency, vendor, evidence, and executive-reporting structure across in-house teams and a substantial portfolio of outsourced engagements (SOX advisory, MSP, OT cybersecurity specialists, privacy counsel, identity engineering partners, penetration testing, and IR retainer).

Requirements

Bachelor's degree in Information Technology, Computer Science, Business, or a related field.
8+ years of program or project management experience, including at least 4 years leading enterprise-scale IT, cybersecurity, or compliance transformation programs.
Demonstrated experience driving SOX IT general controls (ITGC) remediation inside a publicly traded company.
Hands-on program-management experience against a recognized cybersecurity control framework (NIST 800-53, NIST CSF, ISO 27001, CMMC, or equivalent).
Demonstrated ability to run multi-vendor programs with concurrent outsourced workstreams (managed service providers, advisory firms, implementation partners) — including SOW scoping, deliverable acceptance, and budget reconciliation.
Working knowledge of IT general controls, identity and access management, change and configuration management, vulnerability and patch management, audit logging, backup and recovery, and incident response.
PMP, PgMP, PMI-ACP, or equivalent program- or project-management credential.
Excellent written and verbal communication.
Experience in operational technology (OT) environments, ideally manufacturing, mining, energy, or critical infrastructure.
Prior experience coordinating tabletop exercises, IR retainer engagements, or annual penetration test scoping and remediation.

Nice To Haves

Master's degree (MBA, MS in Information Security, MS in IT Management) is a plus.
Direct experience coordinating with a Big 4 external audit team is strongly preferred.
NIST 800-53 r5 experience is strongly preferred.
Direct exposure to IT/OT segmentation programs is a plus.
Experience with ERP systems, database management, and standard cybersecurity enterprise tool stacks and concepts (EDR, ITDR, Vulnerability Management, Zero Trust Architecture, etc.)
Familiarity with state privacy laws (CCPA, TDPSA, CPA, VCDPA) and federal frameworks relevant to defense-adjacent and critical-mineral supply chains (CMMC, DFARS, NIST 800-171).
Awareness of Defense Production Act and Department of Commerce considerations for rare earth and critical-materials companies is valued.
Ability to translate technical concepts into business terms.
Bias toward documented action — produces meeting minutes, decision logs, risk registers, and status reports that downstream teams reuse rather than rewrite.
Comfort working in ambiguity, in an environment where governance, ownership, and policy are being built in real time.
Disciplined operator — defaults to written, structured, and reviewable artifacts over verbal commitments.
Ability to credibly challenge senior internal stakeholders (IT Manager, CISO, CFO, General Counsel) and external vendors (MSP, implementation partners) on substance while maintaining strong working relationships.
Treats Plant Operations and OT environments as first-class stakeholders rather than secondary IT consumers.

Responsibilities

Own the integrated roadmap for USA Rare Earth’s NIST 800-53 r5 remediation program. Maintain timeline, dependencies, milestones, and critical path across initiatives spanning IT, OT, governance, privacy, and physical security.
Run the day-to-day program operating cadence: weekly workstream standups, bi-weekly executive steering committee, monthly CFO and IT Risk Management Board reporting, quarterly board-ready updates.
Operate the SOX ITGC remediation sprint as the highest-priority workstream through 31 December year-end. Coordinate with the Controller, Internal Audit (where present), and the external audit team so that remediation produces evidence that survives walkthroughs and TOC testing.
Maintain the program risk register and plan of action and milestones (POA&M). Surface schedule risks, resourcing constraints, and blockers to executive sponsors before they impact delivery.
Track program budget — committed, accrued, and forecast — against approved capital and operating allocations.
Serve as the primary internal point of contact for outsourced engagements, including the SOX advisory firm, the managed services provider, OT cybersecurity specialists, privacy counsel, identity engineering partners, the IR retainer firm, and annual penetration testing vendors. Drive SOW scoping, deliverable acceptance, and invoice reconciliation.
Partner with the IT Manager and the CISO to translate technical execution requirements into project-managed workstreams with clear owners, dates, and success criteria.
Coordinate with Plant Operations Management to align change windows, maintenance schedules, and security initiatives against the plant's operating schedule. Establish the operating discipline that protects production while still allowing security work to land.
Drive cross-functional initiatives that span HR (personnel security, access agreements, terminations), Legal (vendor contract standards, breach notification, privacy), Procurement (vendor onboarding gates, third-party risk assessments), and Finance (capital planning, ITGC evidence).
Support the IT risk management function with charter execution, agenda preparation, meeting minutes, action tracking, and risk-acceptance documentation. Operate as the program’s secretariat.
Coordinate evidence collection, walkthrough preparation, and remediation tracking for SOX ITGC testing in change management, logical access, computer operations, and supporting areas.
Maintain the policy library lifecycle — owner assignments, annual review cadence, event-driven update triggers, acknowledgment tracking — in coordination with the CISO and policy owners.
Coordinate tabletop exercises, IR retainer engagements, and post-incident lessons-learned documentation.
Support the IT Manager in maturing IT operational practices: ticketing discipline with no walk-up bypass, change advisory board (CAB) execution, asset and configuration management, vendor management, and ITIL-aligned service management hygiene.
Build repeatable program-management practice within USA Rare Earth's IT and security functions — templates, status formats, decision logs — that scale as the organization grows.
Mentor IT and security staff on project-management discipline, dependency management, and audit-grade documentation practices.