Redwood Materials, Inc.
Staff Program Manager, Information Security
Redwood Materials, Inc., Nevada, Iowa, United States, 50201
Overview
Staff Program Manager, Information Security — McCarran, NV
About Redwood Materials
Redwood is localizing a global battery supply chain that seamlessly integrates recovery, reuse, and recycling—keeping critical minerals in circulation and driving the energy transition. Founded in 2019, we’re delivering low-cost and large-scale energy storage and producing battery materials in the U.S. for the first time, all from batteries we already have.
Staff Program Manager, Information Security
We are seeking an experienced Senior Information Security Program Manager for Governance, Risk and Compliance, to lead the preparation and ongoing audit readiness of the Information Security program to ensure the organization's compliance with industry standards. In collaboration with the IT, Enterprise Risk and Compliance, and Quality Assurance teams, and as a representative of the Information Security program, you will drive the maturity of our Information Security Compliance Program, focusing on control ownership and risk management while providing pragmatic, risk-centric advisory services to stakeholders.
This role offers the opportunity to shape the security posture of a rapidly growing organization while contributing to our mission of sustainable technology innovation.
Responsibilities
Design and execute the strategic vision for our Information Security GRC program
Develop and maintain the Information Security Governance, Risk, and Compliance program, creating policies, procedures, and extending organizational capabilities while ensuring alignment with industry best practices
Drive cross-functional collaboration with IT, Enterprise Risk and Compliance, and other operational teams to implement secure, consistent patterns and expand observability
Identify and prioritize opportunities for improving organizational risk posture
Create and maintain comprehensive Information Security documentation, including a knowledge base, compliance reports, risk registers, and policy documentation
Serve as a subject matter expert in:
Developing and managing the Compliance Program
Coordinating Audit Evidence Gathering
Overseeing User Access Reviews
Developing Policies and Processes
Managing Change Management Processes
Conducting Risk Assessments and Mitigation
Leading Security Awareness and Training Programs
Own and maintain Third Party Risk Management evaluation practices
Maintain the Information Security policy portfolio
Manage operational capabilities including GRC tools and platforms
Oversee the security lifecycle of compliance initiatives and audit preparations
Represent Information Security in partnerships with internal teams and third-party organizations
Develop and maintain a reporting framework to keep stakeholders informed of risks, compliance status, and program progress
Establish and own the Information Security change management review process
Qualifications
7+ years of hands-on experience in Information Security Governance, Risk, and Compliance programs developing risk-centric solutions, leveraging industry standard controls frameworks and implementations.
5+ years of direct ownership in at least 3 of the following:
Compliance Program Management
Audit Evidence Gathering
User Access Reviews
Policy and Process Development
Change Management
Risk Assessment and Mitigation
Security Awareness and Training Programs
Proficiency with 4 or more industry-standard compliance programs (e.g., ISO 27001, CIS v8.1, NIST 800-53/88/171, CMMC, TISAX, SOC 2, Sarbanes-Oxley)
Extensive experience overseeing IT compliance initiatives in mixed on-premises and cloud-based environments (e.g., AWS, GCP, Azure, Entra, Active Directory, etc.), ensuring adherence to industry standards and regulatory requirements
Advanced knowledge of Governance, Risk, and Compliance frameworks and best practices, demonstrable experience in:
Developing and implementing IT security policies and procedures
Conducting risk assessments and managing risk mitigation initiatives
Preparing for and managing internal and external IT audits
Leading security awareness and training programs
Third Party Risk Management Evaluations
Strong understanding of regulatory requirements and industry standards
Familiarity with GRC tools and technologies
Relevant professional certifications such as PMP, CISSP, CIPM, CIPT, CISM, CISA, CRISC, CGEIT, GSEC, GSNA or GCCC
Excellent communication and interpersonal skills, including:
Ability to influence and collaborate with stakeholders at all levels
Strong presentation and report-writing skills
Effective leadership and mentoring abilities
Demonstrated experience in managing complex programs and projects, including developing project plans, and leading cross-functional teams to deliver results on time and within scope.
Excellent attitude, team collaboration, communication, and self-motivation
A passion for sustainability and making the world a better place!
Physical Requirements
Ability to perform essential job functions in compliance with ADA, FMLA, and other relevant federal, state, and local regulations, including meeting both qualitative and quantitative productivity standards
Ability to maintain regular and punctual attendance in line with ADA, FMLA, and applicable standards
Ability to wear personal protective equipment (PPE), including safety gloves, helmets, and eyewear, or additional PPE when required
Ability to lift and carry up to 50 lbs
Ability to communicate clearly and effectively on the telephone, including listening and speaking
Working Conditions
Office setting, manufacturing floor, outdoor job site, or remote work
Exposure to loud noise, extreme heat or cold, dust, fumes, or hazardous chemicals
Required to work weekends, evenings, on-call shifts, or extended hours on a regular basis
Less than 5% of the time, occasional travel, or frequent travel for meetings, site visits, or events
The position is full-time. Compensation will be commensurate with experience.
EEO and Privacy We collect personal information (PI) from you in connection with your application for employment with Redwood Materials, including identifiers, personal records, professional or employment information, and inferences drawn from your PI. We collect your PI for our purposes, including performing services and operations related to your potential employment. If you have additional privacy-related questions, please contact us at privacy@redwoodmaterials.com.
As set forth in Redwood Materials’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.
Voluntary Self-Identification For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.
A disclosure of disability is voluntary; information provided will be used only for compliance with applicable laws. See the Disability and Public Burden sections for details.
Voluntary Self-Identification of Disability Form CC-305 — Page 1 of 1
OMB Control Number 1250-0005 — Expires 04/30/2026
Why are you being asked to complete this form? We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
Completing this form is voluntary, and your information is confidential. No one who makes hiring decisions will see it. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s OFCCP website at www.dol.gov/ofccp.
Disability Status
Disabilities include, but are not limited to:
Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder (e.g., lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS)
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or hard of hearing
Diabetes
Disfigurement
Epilepsy or other seizure disorder
Gastrointestinal disorders
Intellectual or developmental disability
Mental health conditions
Mobility impairment
Nervous system conditions
Neurodivergence
Paralysis
Pulmonary or respiratory conditions
Short stature
Traumatic brain injury
PUBLIC BURDEN STATEMENT: This survey should take about 5 minutes to complete.
#J-18808-Ljbffr
About Redwood Materials
Redwood is localizing a global battery supply chain that seamlessly integrates recovery, reuse, and recycling—keeping critical minerals in circulation and driving the energy transition. Founded in 2019, we’re delivering low-cost and large-scale energy storage and producing battery materials in the U.S. for the first time, all from batteries we already have.
Staff Program Manager, Information Security
We are seeking an experienced Senior Information Security Program Manager for Governance, Risk and Compliance, to lead the preparation and ongoing audit readiness of the Information Security program to ensure the organization's compliance with industry standards. In collaboration with the IT, Enterprise Risk and Compliance, and Quality Assurance teams, and as a representative of the Information Security program, you will drive the maturity of our Information Security Compliance Program, focusing on control ownership and risk management while providing pragmatic, risk-centric advisory services to stakeholders.
This role offers the opportunity to shape the security posture of a rapidly growing organization while contributing to our mission of sustainable technology innovation.
Responsibilities
Design and execute the strategic vision for our Information Security GRC program
Develop and maintain the Information Security Governance, Risk, and Compliance program, creating policies, procedures, and extending organizational capabilities while ensuring alignment with industry best practices
Drive cross-functional collaboration with IT, Enterprise Risk and Compliance, and other operational teams to implement secure, consistent patterns and expand observability
Identify and prioritize opportunities for improving organizational risk posture
Create and maintain comprehensive Information Security documentation, including a knowledge base, compliance reports, risk registers, and policy documentation
Serve as a subject matter expert in:
Developing and managing the Compliance Program
Coordinating Audit Evidence Gathering
Overseeing User Access Reviews
Developing Policies and Processes
Managing Change Management Processes
Conducting Risk Assessments and Mitigation
Leading Security Awareness and Training Programs
Own and maintain Third Party Risk Management evaluation practices
Maintain the Information Security policy portfolio
Manage operational capabilities including GRC tools and platforms
Oversee the security lifecycle of compliance initiatives and audit preparations
Represent Information Security in partnerships with internal teams and third-party organizations
Develop and maintain a reporting framework to keep stakeholders informed of risks, compliance status, and program progress
Establish and own the Information Security change management review process
Qualifications
7+ years of hands-on experience in Information Security Governance, Risk, and Compliance programs developing risk-centric solutions, leveraging industry standard controls frameworks and implementations.
5+ years of direct ownership in at least 3 of the following:
Compliance Program Management
Audit Evidence Gathering
User Access Reviews
Policy and Process Development
Change Management
Risk Assessment and Mitigation
Security Awareness and Training Programs
Proficiency with 4 or more industry-standard compliance programs (e.g., ISO 27001, CIS v8.1, NIST 800-53/88/171, CMMC, TISAX, SOC 2, Sarbanes-Oxley)
Extensive experience overseeing IT compliance initiatives in mixed on-premises and cloud-based environments (e.g., AWS, GCP, Azure, Entra, Active Directory, etc.), ensuring adherence to industry standards and regulatory requirements
Advanced knowledge of Governance, Risk, and Compliance frameworks and best practices, demonstrable experience in:
Developing and implementing IT security policies and procedures
Conducting risk assessments and managing risk mitigation initiatives
Preparing for and managing internal and external IT audits
Leading security awareness and training programs
Third Party Risk Management Evaluations
Strong understanding of regulatory requirements and industry standards
Familiarity with GRC tools and technologies
Relevant professional certifications such as PMP, CISSP, CIPM, CIPT, CISM, CISA, CRISC, CGEIT, GSEC, GSNA or GCCC
Excellent communication and interpersonal skills, including:
Ability to influence and collaborate with stakeholders at all levels
Strong presentation and report-writing skills
Effective leadership and mentoring abilities
Demonstrated experience in managing complex programs and projects, including developing project plans, and leading cross-functional teams to deliver results on time and within scope.
Excellent attitude, team collaboration, communication, and self-motivation
A passion for sustainability and making the world a better place!
Physical Requirements
Ability to perform essential job functions in compliance with ADA, FMLA, and other relevant federal, state, and local regulations, including meeting both qualitative and quantitative productivity standards
Ability to maintain regular and punctual attendance in line with ADA, FMLA, and applicable standards
Ability to wear personal protective equipment (PPE), including safety gloves, helmets, and eyewear, or additional PPE when required
Ability to lift and carry up to 50 lbs
Ability to communicate clearly and effectively on the telephone, including listening and speaking
Working Conditions
Office setting, manufacturing floor, outdoor job site, or remote work
Exposure to loud noise, extreme heat or cold, dust, fumes, or hazardous chemicals
Required to work weekends, evenings, on-call shifts, or extended hours on a regular basis
Less than 5% of the time, occasional travel, or frequent travel for meetings, site visits, or events
The position is full-time. Compensation will be commensurate with experience.
EEO and Privacy We collect personal information (PI) from you in connection with your application for employment with Redwood Materials, including identifiers, personal records, professional or employment information, and inferences drawn from your PI. We collect your PI for our purposes, including performing services and operations related to your potential employment. If you have additional privacy-related questions, please contact us at privacy@redwoodmaterials.com.
As set forth in Redwood Materials’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.
Voluntary Self-Identification For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.
A disclosure of disability is voluntary; information provided will be used only for compliance with applicable laws. See the Disability and Public Burden sections for details.
Voluntary Self-Identification of Disability Form CC-305 — Page 1 of 1
OMB Control Number 1250-0005 — Expires 04/30/2026
Why are you being asked to complete this form? We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
Completing this form is voluntary, and your information is confidential. No one who makes hiring decisions will see it. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s OFCCP website at www.dol.gov/ofccp.
Disability Status
Disabilities include, but are not limited to:
Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder (e.g., lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS)
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or hard of hearing
Diabetes
Disfigurement
Epilepsy or other seizure disorder
Gastrointestinal disorders
Intellectual or developmental disability
Mental health conditions
Mobility impairment
Nervous system conditions
Neurodivergence
Paralysis
Pulmonary or respiratory conditions
Short stature
Traumatic brain injury
PUBLIC BURDEN STATEMENT: This survey should take about 5 minutes to complete.
#J-18808-Ljbffr