Senior Manager, Information Security

Description

SHINE Technologies is seeking a Senior Manager, Information Security who will be responsible for leading SHINE’s enterprise information security program, with a balanced focus on cybersecurity governance, risk management, compliance, and oversight of operational security activities. This role provides strategic direction for SHINE’s security posture, ensures alignment with regulatory and contractual obligations, and manages day to day security operations performed by IT staff.

The Senior Manager, Information Security owns SHINE’s security policies, the risk management framework, and the overall maturity of the information security program while partnering across IT, Engineering, Operations, Supply Chain, and other departments to embed security into organizational processes and technical decisions.

The base salary range for this position is $140,000 - $175,000 per year plus a comprehensive compensation package. Our salary ranges are determined by role, level, and location.

• Lead SHINE’s information security program, ensuring policies, controls, and processes are implemented and continuously improved.
• Provide oversight and direction to Cybersecurity staff for operational tasks including monitoring, analysis, vulnerability scanning, and control implementation.
• Maintain SHINE’s Information Security Plan and ensure alignment with NIST 800 171, CMMC, ISO 27001/27002, NRC requirements, and internal standards.
• Ensure proper integration of security requirements into IT systems, cloud platforms, and applicable OT/ICS environments.

• Own the governance framework for information security, including policy management, standards, procedures, and control mappings.
• Manage SHINE’s cybersecurity risk management process, including maintaining the risk register and presenting treatment recommendations to leadership.
• Lead compliance activities for NIST 800 171, CMMC, ISO, and other regulatory frameworks.
• Coordinate internal and external audits, ensuring evidence is complete, accurate, and audit ready.
• Conduct periodic assessments and internal reviews to validate ongoing compliance.

• Develop annual security improvement plans and budget recommendations based on business priorities and risk.
• Identify gaps in security posture and propose operational, technical, and procedural enhancements.
• Participate in cross functional project reviews and ensure security is integrated into new technologies, system changes, and enterprise initiatives.

• Serve as a senior member of the Security Incident Response Team (SIRT).
• Lead incident governance: escalation, communication, documentation, decision making, and after action reviews.
• Direct technical incident response tasks performed by relevant IT Staff.
• Maintain and improve incident response plans, communication models, and readiness processes.

• Provide consultative security guidance for OT/ICS environments where cybersecurity risk, regulatory requirements, or system criticality justify involvement.
• Support reviews of high risk OT changes to assess potential security impacts.
• Partner with Engineering teams to apply appropriate security expectations to critical systems without imposing unnecessary operational burden.

• Lead vendor security assessments and drive ongoing third party cybersecurity monitoring.
• Serve as the primary responder for customer cybersecurity questionnaires, attestation requests, and contract driven security obligations.
• Collaborate with Legal, Supply Chain, and Business Development to ensure cybersecurity terms are understood, feasible, and enforced.

• Oversee the enterprise security awareness program.
• Ensure workforce compliance with annual cybersecurity training and role specific requirements.
• Coordinate with HR and Communications to deliver effective campaigns and reinforce a culture of security.

• Produce and present information security metrics, risk summaries, and…