Chief Information Security Officer (CISO)

Nymbus, Inc.

1d•Remote

About The Position

Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions. As we continue to scale, we are seeking a strong, decisive Chief Information Security Officer (CISO) to lead and evolve our enterprise security program with confidence and an ability to articulate strong positioning. A strong candidate for this role would avoid passive decisioning and would lead with knowledge and expertise when articulating decisions surrounding our overall security posture. This is a strategic and operational executive leadership role. We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast-moving fintech environment supporting banking services for regulated financial institutions. This role requires someone who: Understands regulated financial services environments. Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed. Forms independent, informed perspectives on risk. Moves initiatives forward without heavy executive oversight. Partners effectively with technology, product, and operations leaders. Balances innovation velocity with sound risk management. Is comfortable operating in a company leaning into AI in banking. Drives timely remediation of identified risks through disciplined follow-through and executive accountability. This is not a policy-only oversight role. We need a strategic builder, operator, and leader.

Requirements

10+ years of progressive experience in information security leadership.
Significant experience in banking, financial services, or regulated fintech.
Deep knowledge of: NIST CSF & NIST 800-53 FFIEC guidance PCI DSS SOC audits
Experience leading cloud-first security programs (AWS and/or GCP).
Demonstrated ability to independently assess risk and make defensible decisions.
Strong executive communication and cross-functional leadership skills.
Experience operating in high-growth or fast-changing environments.

Nice To Haves

Preferred certifications: CISSP, CISM, CRISC or equivalent.

Responsibilities

Own and continuously mature the enterprise Information Security Program.
Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.
Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives.
Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.
Present clear, risk-based recommendations to executive leadership and the Board.
Translate strategy into measurable execution plans with defined milestones.
Drive remediation of audit, regulatory, and penetration testing findings.
Ensure strong incident response, vulnerability management, and change management and development programs.
Implement metrics that demonstrate real risk reduction and program effectiveness.
Deliver results.
Lead and develop a high-performing Information Security team.
Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready.
Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.
Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program.
Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.
Assist in the management of Nymbus’ risk log with the ability to identify, manage, and make security risk recommendations.
Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
Partner with the CTO, engineering, product, NOC, and operations leaders.
Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices.
Enable secure innovation rather than slow it down.
Serve as the subject matter expert in banking security and regulatory expectations.
Lead SOC/PCI audit readiness and regulatory exam preparedness.
Engage confidently with regulators, auditors, and bank and credit union clients and prospects.
Establish governance frameworks for secure and responsible AI usage.
Assess model risk, data protection, and security implications of AI-driven products.
Stay ahead of evolving regulatory expectations in AI and fintech.

Benefits

Annual Cash Bonus and Equity Options commensurate with the role level and experience.
Fully Remote.
401(k) plan.
Insurance - Health, Dental and Vision.
Time Off.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume