Chief Information Security Officer (CISO)

ABOUT NYMBUS:

Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.

As we continue to scale, we are seeking a strong, decisive Chief Information Security Officer (CISO) to lead and evolve our enterprise security program with confidence and an ability to articulate strong positioning. A strong candidate for this role would avoid passive decisioning and would lead with knowledge and expertise when articulating decisions surrounding our overall security posture.

WORK ENVIRONMENT:

Nymbus is a remote-first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.

POSITION SUMMARY :

This is a strategic and operational executive leadership role.

We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast-moving fintech environment supporting banking services for regulated financial institutions.

This role requires someone who:

• Understands regulated financial services environments.
• Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.
• Forms independent, informed perspectives on risk.
• Moves initiatives forward without heavy executive oversight.
• Partners effectively with technology, product, and operations leaders.
• Balances innovation velocity with sound risk management.
• Is comfortable operating in a company leaning into AI in banking.
• Drives timely remediation of identified risks through disciplined follow-through and executive accountability.
• This is not a policy-only oversight role. We need a strategic builder, operator, and leader.
  
  

ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES:

Security Strategy & Program Maturity

• Own and continuously mature the enterprise Information Security Program.
• Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.
• Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives.
• Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.
• Present clear, risk-based recommendations to executive leadership and the Board.
  
  

Operational Execution

• Translate strategy into measurable execution plans with defined milestones.
• Drive remediation of audit, regulatory, and penetration testing findings.
• Ensure strong incident response, vulnerability management, and change management and development programs.
• Implement metrics that demonstrate real risk reduction and program effectiveness.
• Deliver results.
  
  

Security Team Leadership & Operational Oversight

• Lead and develop a high-performing Information Security team.
• Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
• Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
• Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready.
• Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
• Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.
• Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program.
• Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.
• Assist in the management of Nymbus' risk log with the ability to identify, manage, and make security risk recommendations.
  
  

Technology & Product Partnership

• Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
• Partner with the CTO, engineering, product, NOC, and operations leaders.
• Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices.
• Enable secure innovation rather than slow it down.
  
  

Regulatory & Client Engagement

• Serve as the subject matter expert in banking security and regulatory expectations.
• Lead SOC/PCI audit readiness and regulatory exam preparedness.
• Engage confidently with regulators, auditors, and bank and credit union clients and prospects.
  
  

AI Governance & Emerging Risk

• Establish governance frameworks for secure and responsible AI usage.
• Assess model risk, data protection, and security implications of AI-driven products.
• Stay ahead of evolving regulatory expectations in AI and fintech.
  
  

QUALIFICATIONS:

• 10+ years of progressive experience in information security leadership.
• Significant experience in banking, financial services, or regulated fintech.
• Deep knowledge of:
• NIST CSF & NIST 800-53
• FFIEC guidance
• PCI DSS
• SOC audits
• Experience leading cloud-first security programs (AWS and/or GCP).
• Demonstrated ability to independently assess risk and make defensible decisions.
• Strong executive communication and cross-functional leadership skills.
• Experience operating in high-growth or fast-changing environments.
• Preferred certifications: CISSP, CISM, CRISC or equivalent.
  

WHAT SUCCESS LOOKS LIKE:

Within the first ninety days, the CISO will:

• Deliver a clear assessment of current security maturity and risk posture.
• Execute against agreed remediation priorities on time.
• Establish strong partnerships across engineering, product, and operations.
• Build executive confidence through decisive, informed risk leadership.
• Position security as a strategic enabler of innovation.
  
  

SALARY & BENEFITS:

• Annual Cash Bonus and Equity Options commensurate with the role level and experience.
• Fully Remote.
• 401(k) plan.
• Insurance - Health, Dental and Vision.
• Time Off.
  
  

Ready to join? We invite you to watch this video and learn who we are and how we build and innovates together!

Let's Go!