Chief Information Security Officer; CISO

ABOUT NYMBUS

Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.

Nymbus is a remote‑first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.

This is a strategic and operational executive leadership role. We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast‑moving fintech environment supporting banking services for regulated financial institutions.

This role requires someone who:

• Understands regulated financial services environments.
• Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.
• Forms independent, informed perspectives on risk.
• Moves initiatives forward without heavy executive oversight.
• Partners effectively with technology, product, and operations leaders.
• Balances innovation velocity with sound risk management.
• Is comfortable operating in a company leaning into AI in banking.
• Drives timely remediation of identified risks through disciplined follow‑through and executive accountability.
• This is not a policy‑only oversight role. We need a strategic builder, operator, and leader.

• Own and continuously mature the enterprise Information Security Program.
• Align controls and architecture with NIST CSF, NIST 800‑53, FFIEC guidance, PCI DSS, and SOC requirements.
• Conduct proactive program assessments and identify security gaps before they become issues, working cross‑functionally to execute upon risk mitigation objectives.
• Develop and execute a multi‑year security roadmap aligned to business growth and regulatory expectations.
• Present clear, risk‑based recommendations to executive leadership and the Board.

• Translate strategy into measurable execution plans with defined milestones.
• Drive remediation of audit, regulatory, and penetration testing findings.
• Ensure strong incident response, vulnerability management, and change management and development programs.
• Implement metrics that demonstrate real risk reduction and program effectiveness.
• Deliver results.

• Lead and develop a high‑performing Information Security team.
• Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
• Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
• Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit‑ready.
• Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
• Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and Dev Sec Ops  integration.
• Build a culture of ownership, urgency, and technical depth cross‑functionally associated with the program.
• Maintain sufficient hands‑on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.
• Assist in the management of Nymbus' risk log with the ability to identify, manage, and make security risk recommendations.

• Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
• Partner with the CTO,…