Chief Information Security Officer, CISO

Remote Full-time
Job Description:
• Own and continuously mature the enterprise Information Security Program.
• Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.
• Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives.
• Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.
• Present clear, risk-based recommendations to executive leadership and the Board.
• Translate strategy into measurable execution plans with defined milestones.
• Drive remediation of audit, regulatory, and penetration testing findings.
• Ensure strong incident response, vulnerability management, and change management and development programs.
• Implement metrics that demonstrate real risk reduction and program effectiveness.
• Lead and develop a high-performing Information Security team.
• Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
• Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
• Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready.
• Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
• Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration.
• Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program.
• Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed.
• Assist in the management of Nymbus’ risk log with the ability to identify, manage, and make security risk recommendations.
• Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
• Partner with the CTO, engineering, product, NOC, and operations leaders.
• Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices.
• Enable secure innovation rather than slow it down.
• Serve as the subject matter expert in banking security and regulatory expectations.
• Lead SOC/PCI audit readiness and regulatory exam preparedness.
• Engage confidently with regulators, auditors, and bank and credit union clients and prospects.
• Establish governance frameworks for secure and responsible AI usage.
• Assess model risk, data protection, and security implications of AI-driven products.
• Stay ahead of evolving regulatory expectations in AI and fintech.

Requirements:
• 10+ years of progressive experience in information security leadership.
• Significant experience in banking, financial services, or regulated fintech.
• Deep knowledge of:
  • NIST CSF & NIST 800-53
  • FFIEC guidance
  • PCI DSS
  • SOC audits
• Experience leading cloud-first security programs (AWS and/or GCP).
• Demonstrated ability to independently assess risk and make defensible decisions.
• Strong executive communication and cross-functional leadership skills.
• Experience operating in high-growth or fast-changing environments.
• Preferred certifications: CISSP, CISM, CRISC or equivalent.

Benefits:
• Annual Cash Bonus and Equity Options commensurate with the role level and experience.
• Fully Remote.
• 401(k) plan.
• Insurance - Health, Dental and Vision.
• Time Off.