Chief Information Security Officer (CISO) at Nymbus

<p><strong>ABOUT NYMBUS:</strong></p> <p>Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.</p> <p>As we continue to scale, we are seeking a strong, decisive Chief Information Security Officer (CISO) to lead and evolve our enterprise security program with confidence and an ability to articulate strong positioning. A strong candidate for this role would avoid passive decisioning and would lead with knowledge and expertise when articulating decisions surrounding our overall security posture.</p> <p>&nbsp;</p> <p><strong>WORK ENVIRONMENT:</strong></p> <p>Nymbus is a remote-first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.</p> <p>&nbsp;</p> <p><strong>POSITION SUMMARY</strong>:</p> <p>This is a strategic and operational executive leadership role.</p> <p>We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast-moving fintech environment supporting banking services for regulated financial institutions.</p> <p>This role requires someone who:</p> <ul> <li>Understands regulated financial services environments.</li> <li>Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.</li> <li>Forms independent, informed perspectives on risk.</li> <li>Moves initiatives forward without heavy executive oversight.</li> <li>Partners effectively with technology, product, and operations leaders.</li> <li>Balances innovation velocity with sound risk management.</li> <li>Is comfortable operating in a company leaning into AI in banking.</li> <li>Drives timely remediation of identified risks through disciplined follow-through and executive accountability.</li> <li>This is not a policy-only oversight role. We need a strategic builder, operator, and leader.</li> </ul> <p><br><strong>ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES:</strong></p> <p><strong>Security Strategy &amp; Program Maturity</strong></p> <ul> <li>Own and continuously mature the enterprise Information Security Program.</li> <li>Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.</li> <li>Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives.</li> <li>Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.</li> <li>Present clear, risk-based recommendations to executive leadership and the Board.</li> </ul> <p><strong>Operational Execution</strong></p> <ul> <li>Translate strategy into measurable execution plans with defined milestones.</li> <li>Drive remediation of audit, regulatory, and penetration testing findings.</li> <li>Ensure strong incident response, vulnerability management, and change management and development programs.</li> <li>Implement metrics that demonstrate real risk reduction and program effectiveness.</li> <li>Deliver results.</li> </ul> <p><strong>Security Team Leadership &amp; Operational Oversight</strong></p> <ul> <li>Lead and develop a high-performing Information Security team.</li> <li>Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.</li> <li>Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.</li> <li>Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready.</li> <li>Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).</li> <li>Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.</li> <li>Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program.</li> <li>Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.</li> <li>Assist in the management of Nymbus’ risk log with the ability to identify, manage, and make security risk recommendations.&nbsp;</li> </ul> <p><strong>Technology &amp; Product Partnership</strong></p> <ul> <li>Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.</li> <li>Partner with the CTO, engineering, product, NOC, and operations leaders.</li> <li>Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices.</li> <li>Enable secure innovation rather than slow it down.</li> </ul> <p><strong>Regulatory &amp; Client Engagement</strong></p> <ul> <li>Serve as the subject matter expert in banking security and regulatory expectations.</li> <li>Lead SOC/PCI audit readiness and regulatory exam preparedness.</li> <li>Engage confidently with regulators, auditors, and bank and credit union clients and prospects.</li> </ul> <p><strong>AI Governance &amp; Emerging Risk</strong></p> <ul> <li>Establish governance frameworks for secure and responsible AI usage.</li> <li>Assess model risk, data protection, and security implications of AI-driven products.</li> <li>Stay ahead of evolving regulatory expectations in AI and fintech.</li> </ul> <p>&nbsp;</p> <p><strong>QUALIFICATIONS:</strong></p> <ul> <li>10+ years of progressive experience in information security leadership.</li> <li>Significant experience in banking, financial services, or regulated fintech.</li> <li>Deep knowledge of:</li> <ul> <li>NIST CSF &amp; NIST 800-53</li> <li>FFIEC guidance</li> <li>PCI DSS</li> <li>SOC audits</li> </ul> <li>Experience leading cloud-first security programs (AWS and/or GCP).</li> <li>Demonstrated ability to independently assess risk and make defensible decisions.</li> <li>Strong executive communication and cross-functional leadership skills.</li> <li>Experience operating in high-growth or fast-changing environments.</li> <li>Preferred certifications: CISSP, CISM, CRISC or equivalent.</li> </ul> <p>&nbsp;</p> <p><strong>WHAT SUCCESS LOOKS LIKE:</strong></p> <p>Within the first ninety days, the CISO will:</p> <ul> <li>Deliver a clear assessment of current security maturity and risk posture.</li> <li>Execute against agreed remediation priorities on time.</li> <li>Establish strong partnerships across engineering, product, and operations.</li> <li>Build executive confidence through decisive, informed risk leadership.</li> <li>Position security as a strategic enabler of innovation.</li> </ul> <p>&nbsp;</p> <p><strong>SALARY &amp; BENEFITS:</strong></p> <ul> <li>$180,000 - $230,000 Annual Salary</li> <li>Annual Cash Bonus and Equity Options commensurate with the role level and experience.</li> <li>Fully Remote.</li> <li>401(k) plan.</li> <li>Insurance - Health, Dental and Vision.</li> <li>Time Off.</li> </ul><div class="content-conclusion"><p><span style="font-weight: 400;">Ready to join?&nbsp; We invite you to watch this <a href="https://youtu.be/Rdc8xDsNiAs" target="_blank">video</a> and learn who we are and how we build and innovates together!</span></p> <p><span style="font-weight: 400;">Let’s Go!</span></p></div>