Chief Information Security Officer; CISO

Job Description

Company: The Security Executive Council

Location: Hialeah, US

Position: Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO) Organization:

Nymbus
Location:

Fully remote; occasional travel may be required for client meetings and team gatherings.
Description:

About the job

ABOUT NYMBUS:
Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions.

As we continue to scale, we are seeking a strong, decisive Chief Information Security Officer (CISO) to lead and evolve our enterprise security program with confidence and an ability to articulate strong positioning. A strong candidate for this role would avoid passive decisioning and would lead with knowledge and expertise when articulating decisions surrounding our overall security posture.

WORK ENVIRONMENT:
Nymbus is a remote‑first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings.

POSITION SUMMARY:

This is a strategic and operational executive leadership role.

We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast‑moving fintech environment supporting banking services for regulated financial institutions.

This role requires someone who:
• Understands regulated financial services environments.
• Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed.
• Forms independent, informed perspectives on risk.
• Moves initiatives forward without heavy executive oversight.
• Partners effectively with technology, product, and operations leaders.
• Balances innovation velocity with sound risk management.
• Is comfortable operating in a company leaning into AI in banking.
• Drives timely remediation of identified risks through disciplined follow‑through and executive accountability.
• This is not a policy‑only oversight role. We need a strategic builder, operator, and leader.
ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES Security Strategy & Program Maturity
• Own and continuously mature the enterprise Information Security Program.
• Align controls and architecture with NIST CSF, NIST 800‑53, FFIEC guidance, PCI DSS, and SOC requirements.
• Conduct proactive program assessments and identify security gaps before they become issues, working cross‑functionally to execute upon risk mitigation objectives.
• Develop and execute a multi‑year security roadmap aligned to business growth and regulatory expectations.
• Present clear, risk‑based recommendations to executive leadership and the Board.
Operational Execution
• Translate strategy into measurable execution plans with defined milestones.
• Drive remediation of audit, regulatory, and penetration testing findings.
• Ensure strong incident response, vulnerability management, and change management and development programs.
• Implement metrics that demonstrate real risk reduction and program effectiveness.
• Deliver results.
Security Team Leadership & Operational Oversight
• Lead and develop a high‑performing Information Security team.
• Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions.
• Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems.
• Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit‑ready.
• Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.).
• Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and Dev Sec Ops integration.
• Build a…

Source: Learn4Good