Chief Information Security Officer (CISO)

ABOUT NYMBUS

Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.

WORK ENVIRONMENT

Nymbus is a remote‑first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.

POSITION SUMMARY

This is a strategic and operational executive leadership role. We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast‑moving fintech environment supporting banking services for regulated financial institutions.

This role requires someone who:

• Understands regulated financial services environments.
• Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.
• Forms independent, informed perspectives on risk.
• Moves initiatives forward without heavy executive oversight.
• Partners effectively with technology, product, and operations leaders.
• Balances innovation velocity with sound risk management.
• Is comfortable operating in a company leaning into AI in banking.
• Drives timely remediation of identified risks through disciplined follow‑through and executive accountability.
• This is not a policy‑only oversight role. We need a strategic builder, operator, and leader.

ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES

Security Strategy & Program Maturity

• Own and continuously mature the enterprise Information Security Program.
• Align controls and architecture with NIST CSF, NIST 800‑53, FFIEC guidance, PCI DSS, and SOC requirements.
• Conduct proactive program assessments and identify security gaps before they become issues, working cross‑functionally to execute upon risk mitigation objectives.
• Develop and execute a multi‑year security roadmap aligned to business growth and regulatory expectations.
• Present clear, risk‑based recommendations to executive leadership and the Board.

Operational Execution

• Translate strategy into measurable execution plans with defined milestones.
• Drive remediation of audit, regulatory, and penetration testing findings.
• Ensure strong incident response, vulnerability management, and change management and development programs.
• Implement metrics that demonstrate real risk reduction and program effectiveness.
• Deliver results.

Security Team Leadership & Operational Oversight

• Lead and develop a high‑performing Information Security team.
• Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
• Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
• Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit‑ready.
• Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
• Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.
• Build a culture of ownership, urgency, and technical depth cross‑functionally associated with the program.
• Maintain sufficient hands‑on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.
• Assist in the management of Nymbus' risk log with the ability to identify, manage, and make security risk recommendations.

Technology & Product Partnership

• Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
• Partner with the CTO, engineering, product, NOC, and operations leaders.
• Ensure strong embedded security controls into SDLC, DevOps, and cloud‑native development practices.
• Enable secure innovation rather than slow it down.

Regulatory & Client Engagement

• Serve as the subject matter expert in banking security and regulatory expectations.
• Lead SOC/PCI audit readiness and regulatory exam preparedness.
• Engage confidently with regulators, auditors, and bank and credit union clients and prospects.

AI Governance & Emerging Risk

• Establish governance frameworks for secure and responsible AI usage.
• Assess model risk, data protection, and security implications of AI‑driven products.
• Stay ahead of evolving regulatory expectations in AI and fintech.

QUALIFICATIONS

• 10+ years of progressive experience in information security leadership.
• Significant experience in banking, financial services, or regulated fintech.
• Deep knowledge of:
  • NIST CSF & NIST 800‑53
  • FFIEC guidance
  • PCI DSS
  • SOC audits
• Experience leading cloud‑first security programs (AWS and/or GCP).
• Demonstrated ability to independently assess risk and make defensible decisions.
• Strong executive communication and cross‑functional leadership skills.
• Experience operating in high‑growth or fast‑changing environments.
• Preferred certifications: CISSP, CISM, CRISC or equivalent.

WHAT SUCCESS LOOKS LIKE

• Deliver a clear assessment of current security maturity and risk posture.
• Execute against agreed remediation priorities on time.
• Establish strong partnerships across engineering, product, and operations.
• Build executive confidence through decisive, informed risk leadership.
• Position security as a strategic enabler of innovation.

SALARY & BENEFITS

• Annual Cash Bonus and Equity Options commensurate with the role level and experience.
• Fully Remote.
• 401(k) plan.
• Insurance – Health, Dental and Vision.
• Time Off.

Ready to join? We invite you to watch this video and learn who we are and how we build and innovates together! Let's Go!