Hybrid Staff Program Manager, Information Security en Redwood Materials

Staff Program Manager, Information Security

Essential Duties: 

We are seeking an experienced Senior Information Security Program Manager for Governance, Risk and Compliance, to lead the preparation and ongoing audit readiness of the Information Security program to ensure the organization's compliance with industry standards. In collaboration with the IT, Enterprise Risk and Compliance, and Quality Assurance teams, and as a representative of the Information Security program, you will drive the maturity of our Information Security Compliance Program, focusing on control ownership and risk management while providing pragmatic, risk-centric advisory services to stakeholders. 

This role offers the opportunity to shape the security posture of a rapidly growing organization while contributing to our mission of sustainable technology innovation. 

Responsibilities Will Include: 

• Design and execute the strategic vision for our Information Security GRC program 
• Develop and maintain the Information Security Governance, Risk, and Compliance program, creating policies, procedures, and extending organizational capabilities while ensuring alignment with industry best practices 
• Drive cross-functional collaboration with IT, Enterprise Risk and Compliance, and other operational teams to implement secure, consistent patterns and expand observability 
• Identify and prioritize opportunities for improving organizational risk posture 
• Create and maintain comprehensive Information Security documentation, including a knowledge base, compliance reports, risk registers, and policy documentation 
• Serve as a subject matter expert in:
  • Developing and managing the Compliance Program
  • Coordinating Audit Evidence Gathering 
  • Overseeing User Access Reviews
  • Developing Policies and Processes
  • Managing Change Management Processes 
  • Conducting Risk Assessments and Mitigation 
  • Leading Security Awareness and Training Programs
• Own and maintain Third Party Risk Management evaluation practices 
• Maintain the Information Security policy portfolio 
• Manage operational capabilities including GRC tools and platforms 
• Oversee the security lifecycle of compliance initiatives and audit preparations 
• Represent Information Security in partnerships with internal teams and third-party organizations 
• Develop and maintain a reporting framework to keep stakeholders informed of risks, compliance status, and program progress 
• Establish and own the Information Security change management review process 

Desired Qualifications: 

• 7+ years of hands-on experience in Information Security Governance, Risk, and Compliance programs developing risk-centric solutions, leveraging industry standard controls frameworks and implementations. 
• 5+ years of direct ownership in at least 3 of the following:  
  • Compliance Program Management 
  • Audit Evidence Gathering 
  • User Access Reviews 
  • Policy and Process Development 

  • Prestaciones adicionales