Senior Manager, Information Security

About The Position

Requirements

• 7+ years of experience in information security, cybersecurity, risk management, or GRC.
• Experience with NIST 800 171, CMMC, ISO 27001/27002, or similar frameworks.
• Broad technical knowledge across networks, systems, cloud environments, and identity management.
• Demonstrated experience leading audits, assessments, or governance programs.
• Solid understanding of information security governance, risk management, and compliance frameworks.
• Strong communication skills with the ability to translate complex risks into business relevant terms.
• Excellent organizational and documentation skills.
• Demonstrated leadership and ability to collaborate across diverse technical and business functions.
• Ability to make informed decisions based on risk, business needs, and technical considerations.
• Bachelor’s degree in Information Security, Computer Science, IT, Engineering, or related field (or equivalent experience).
• Eligibility for employment is conditioned on the applicant’s ability to qualify for access to information subject to U.S. Export Controls. Additionally, applicant’s eligibility may be conditioned based upon meeting the Nuclear Regulatory Commission requirements for access to Safeguards Information, which typically requires a pre-employment drug screen, fingerprinting and criminal background check.

Nice To Haves

• Experience in regulated industries (nuclear, defense, medical, engineering, or manufacturing).
• Familiarity with OT/ICS cybersecurity.
• Experience maturing security programs in small or growing organizations.
• Preferred certifications: CISSP, CISM, CISA, CRISC, Security+, ISO 27001 Lead Implementer/Auditor.

Responsibilities

• Lead SHINE’s information security program, ensuring policies, controls, and processes are implemented and continuously improved.
• Provide oversight and direction to Cybersecurity staff for operational tasks including monitoring, analysis, vulnerability scanning, and control implementation.
• Maintain SHINE’s Information Security Plan and ensure alignment with NIST 800 171, CMMC, ISO 27001/27002, NRC requirements, and internal standards.
• Ensure proper integration of security requirements into IT systems, cloud platforms, and applicable OT/ICS environments.
• Own the governance framework for information security, including policy management, standards, procedures, and control mappings.
• Manage SHINE’s cybersecurity risk management process, including maintaining the risk register and presenting treatment recommendations to leadership.
• Lead compliance activities for NIST 800 171, CMMC, ISO, and other regulatory frameworks.
• Coordinate internal and external audits, ensuring evidence is complete, accurate, and audit ready.
• Conduct periodic assessments and internal reviews to validate ongoing compliance.
• Develop annual security improvement plans and budget recommendations based on business priorities and risk.
• Identify gaps in security posture and propose operational, technical, and procedural enhancements.
• Participate in cross functional project reviews and ensure security is integrated into new technologies, system changes, and enterprise initiatives.
• Serve as a senior member of the Security Incident Response Team (SIRT).
• Lead incident governance: escalation, communication, documentation, decision making, and after action reviews.
• Direct technical incident response tasks performed by relevant IT Staff.
• Maintain and improve incident response plans, communication models, and readiness processes.
• Provide consultative security guidance for OT/ICS environments where cybersecurity risk, regulatory requirements, or system criticality justify involvement.
• Support reviews of high risk OT changes to assess potential security impacts.
• Partner with Engineering teams to apply appropriate security expectations to critical systems without imposing unnecessary operational burden.
• Lead vendor security assessments and drive ongoing third party cybersecurity monitoring.
• Serve as the primary responder for customer cybersecurity questionnaires, attestation requests, and contract driven security obligations.
• Collaborate with Legal, Supply Chain, and Business Development to ensure cybersecurity terms are understood, feasible, and enforced.
• Oversee the enterprise security awareness program.
• Ensure workforce compliance with annual cybersecurity training and role specific requirements.
• Coordinate with HR and Communications to deliver effective campaigns and reinforce a culture of security.
• Produce and present information security metrics, risk summaries, and program updates for IT leadership and executive stakeholders.
• Communicate security issues in clear, actionable terms tailored to both technical and non technical audiences.

Benefits

• comprehensive compensation package
• SHINE values diversity in all its forms as a critical component of innovation, which is fundamental to our success.
• Every member of the SHINE community benefits from the talents and experiences of our peers, from the mutual respect we exercise, and from the responsibility we take for our actions.
• SHINE Technologies is an equal opportunity employer.
• All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
• Pay Transparency Policy
• Employee Rights Under the NLRA
• Equal Opportunity Employment
• E-Verify