Senior Manager, Information Security
Company: SHINE Technologies, LLC
Location: Janesville
Posted on: February 16, 2026
|
|
|
Job Description:
Job Description Job Description Description: SHINE Technologies
is seeking a Senior Manager, Information Security who will be
responsible for leading SHINE’s enterprise information security
program, with a balanced focus on cybersecurity governance, risk
management, compliance, and oversight of operational security
activities. This role provides strategic direction for SHINE’s
security posture, ensures alignment with regulatory and contractual
obligations, and manages day to day security operations performed
by IT staff. The Senior Manager, Information Security owns SHINE’s
security policies, the risk management framework, and the overall
maturity of the information security program while partnering
across IT, Engineering, Operations, Supply Chain, and other
departments to embed security into organizational processes and
technical decisions. The base salary range for this position is
$140,000 - $175,000 per year plus a comprehensive compensation
package. Our salary ranges are determined by role, level, and
location. Information Security Program Leadership Lead SHINE’s
information security program, ensuring policies, controls, and
processes are implemented and continuously improved. Provide
oversight and direction to Cybersecurity staff for operational
tasks including monitoring, analysis, vulnerability scanning, and
control implementation. Maintain SHINE’s Information Security Plan
and ensure alignment with NIST 800 171, CMMC, ISO 27001/27002, NRC
requirements, and internal standards. Ensure proper integration of
security requirements into IT systems, cloud platforms, and
applicable OT/ICS environments. 2. Governance, Risk, & Compliance
(Primary Focus) Own the governance framework for information
security, including policy management, standards, procedures, and
control mappings. Manage SHINE’s cybersecurity risk management
process, including maintaining the risk register and presenting
treatment recommendations to leadership. Lead compliance activities
for NIST 800 171, CMMC, ISO, and other regulatory frameworks.
Coordinate internal and external audits, ensuring evidence is
complete, accurate, and audit ready. Conduct periodic assessments
and internal reviews to validate ongoing compliance. 3. Strategic
Planning & Program Maturity Develop annual security improvement
plans and budget recommendations based on business priorities and
risk. Identify gaps in security posture and propose operational,
technical, and procedural enhancements. Participate in cross
functional project reviews and ensure security is integrated into
new technologies, system changes, and enterprise initiatives. 4.
Incident Response Leadership Serve as a senior member of the
Security Incident Response Team (SIRT). Lead incident governance:
escalation, communication, documentation, decision making, and
after action reviews. Direct technical incident response tasks
performed by relevant IT Staff. Maintain and improve incident
response plans, communication models, and readiness processes. 5.
OT/ICS Security Participation (Limited Scope) Provide consultative
security guidance for OT/ICS environments where cybersecurity risk,
regulatory requirements, or system criticality justify involvement.
Support reviews of high risk OT changes to assess potential
security impacts. Partner with Engineering teams to apply
appropriate security expectations to critical systems without
imposing unnecessary operational burden. 6. Third Party & Customer
Cybersecurity Requirements Lead vendor security assessments and
drive ongoing third party cybersecurity monitoring. Serve as the
primary responder for customer cybersecurity questionnaires,
attestation requests, and contract driven security obligations.
Collaborate with Legal, Supply Chain, and Business Development to
ensure cybersecurity terms are understood, feasible, and enforced.
7. Security Awareness & Workforce Engagement Oversee the enterprise
security awareness program. Ensure workforce compliance with annual
cybersecurity training and role specific requirements. Coordinate
with HR and Communications to deliver effective campaigns and
reinforce a culture of security. 8. Reporting & Executive
Communication Produce and present information security metrics,
risk summaries, and program updates for IT leadership and executive
stakeholders. Communicate security issues in clear, actionable
terms tailored to both technical and non technical audiences.
Requirements: Required Experience 7 years of experience in
information security, cybersecurity, risk management, or GRC.
Experience with NIST 800 171, CMMC, ISO 27001/27002, or similar
frameworks. Broad technical knowledge across networks, systems,
cloud environments, and identity management. Demonstrated
experience leading audits, assessments, or governance programs.
Preferred Experience Experience in regulated industries (nuclear,
defense, medical, engineering, or manufacturing). Familiarity with
OT/ICS cybersecurity. Experience maturing security programs in
small or growing organizations. KNOWLEDGE, SKILLS & ABILITIES Solid
understanding of information security governance, risk management,
and compliance frameworks. Strong communication skills with the
ability to translate complex risks into business relevant terms.
Excellent organizational and documentation skills. Demonstrated
leadership and ability to collaborate across diverse technical and
business functions. Ability to make informed decisions based on
risk, business needs, and technical considerations. EDUCATION &
CERTIFICATIONS Bachelor’s degree in Information Security, Computer
Science, IT, Engineering, or related field (or equivalent
experience). Preferred certifications: CISSP, CISM, CISA, CRISC,
Security, ISO 27001 Lead Implementer/Auditor. WORK ENVIRONMENT
Primarily office based with hybrid flexibility as appropriate.
Occasional work within secure or regulated environments. May
require after hours support during security incidents or
operational needs. Eligibility for employment is conditioned on the
applicant’s ability to qualify for access to information subject to
U.S. Export Controls. Additionally, applicant’s eligibility may be
conditioned based upon meeting the Nuclear Regulatory Commission
requirements for access to Safeguards Information, which typically
requires a pre-employment drug screen, fingerprinting and criminal
background check. SHINE values diversity in all its forms as a
critical component of innovation, which is fundamental to our
success. Every member of the SHINE community benefits from the
talents and experiences of our peers, from the mutual respect we
exercise, and from the responsibility we take for our actions.
SHINE Technologies is an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, disability or veteran status. Pay Transparency
Policy Employee Rights Under the NLRA Equal Opportunity Employment
E-Verify
Keywords: SHINE Technologies, LLC, DeKalb , Senior Manager, Information Security, IT / Software / Systems , Janesville, Illinois
