Chief Information Security Officer (CISO)

ABOUT NYMBUSNymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.WORK ENVIRONMENTNymbus is a remote-first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.POSITION SUMMARYThis is a strategic and operational executive leadership role. We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast-moving fintech environment supporting banking services for regulated financial institutions.This role requires someone who:Understands regulated financial services environments.Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.Forms independent, informed perspectives on risk.Moves initiatives forward without heavy executive oversight.Partners effectively with technology, product, and operations leaders.Balances innovation velocity with sound risk management.Is comfortable operating in a company leaning into AI in banking.Drives timely remediation of identified risks through disciplined follow-through and executive accountability.This is not a policy-only oversight role. We need a strategic builder, operator, and leader.ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIESSecurity Strategy & Program MaturityOwn and continuously mature the enterprise Information Security Program.Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives.Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.Present clear, risk-based recommendations to executive leadership and the Board.Operational ExecutionTranslate strategy into measurable execution plans with defined milestones.Drive remediation of audit, regulatory, and penetration testing findings.Ensure strong incident response, vulnerability management, and change management and development programs.Implement metrics that demonstrate real risk reduction and program effectiveness.Deliver results.Security Team Leadership & Operational OversightLead and develop a high-performing Information Security team.Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready.Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program.Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.Assist in the management of Nymbus' risk log with the ability to identify, manage, and make security risk recommendations.Technology & Product PartnershipDevelop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.Partner with the CTO, engineering, product, NOC, and operations leaders.Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices.Enable secure innovation rather than slow it down.Regulatory & Client EngagementServe as the subject matter expert in banking security and regulatory expectations.Lead SOC/PCI audit readiness and regulatory exam preparedness.Engage confidently with regulators, auditors, and bank and credit union clients and prospects.AI Governance & Emerging RiskEstablish governance frameworks for secure and responsible AI usage.Assess model risk, data protection, and security implications of AI-driven products.Stay ahead of evolving regulatory expectations in AI and fintech.QUALIFICATIONS10+ years of progressive experience in information security leadership.Significant experience in banking, financial services, or regulated fintech.Deep knowledge of: NIST CSF & NIST 800-53FFIEC guidancePCI DSSSOC auditsExperience leading cloud-first security programs (AWS and/or GCP).Demonstrated ability to independently assess risk and make defensible decisions.Strong executive communication and cross-functional leadership skills.Experience operating in high-growth or fast-changing environments.Preferred certifications: CISSP, CISM, CRISC or equivalent.WHAT SUCCESS LOOKS LIKEDeliver a clear assessment of current security maturity and risk posture.Execute against agreed remediation priorities on time.Establish strong partnerships across engineering, product, and operations.Build executive confidence through decisive, informed risk leadership.Position security as a strategic enabler of innovation.SALARY & BENEFITSAnnual Cash Bonus and Equity Options commensurate with the role level and experience.Fully Remote.401(k) plan.Insurance – Health, Dental and Vision.Time Off.Ready to join? We invite you to watch this video and learn who we are and how we build and innovates together! Let's Go!J-18808-Ljbffr