CISSP isn't necessarily only for managers -- it's also useful for those who work in project management, governance, access control, security awareness training, security architecture, and the more "human" aspects of IT security, or those with knowledge spanning more than one discipline, like a consultant. Any architect or high level IS position out there will most likely want a CISSP coming in the door, or within 6 months of hire.
I teach undergraduate IT classes in my copious spare time, and I recommend Security+ for my students just starting out in the field to help get their foot in the door to complement the A+ and Network+ required by the degree programs. I then recommend they consider GIAC certifications or vendor certifications (MS, CIsco, Juniper, etc) depending on where they want to specialize, and if an employer will foot the bill. For those who alread have the work experience, I would not recommend the Security+ certification over the GIAC certifications, unless you are footing the bill yourself. I'd consider it a good practice run, and if you already work in security or operations, the exam is a breeze.
I recommend the CISSP associate level to graduate students (MS, PhD) who intend to pursue research or higher level positions that require understanding of more than one domain in IS and how they interleave.

I absolutely agree that most HR departments don't know the depth and breadth of the IT community, let alone IS, and are in most instances not reading resumes, just looking for keywords. Remember, this was a discussion of the overall best certifications in demand for IT in general. It's a big field.