VP, Information Security Architecture

Remote - United States


POSITION SUMMARY: 

The VP, Information Security Architect at Nymbus is a pivotal role responsible for the design, architecture, and management of the Company’s Information Security program. This position plays a crucial part in safeguarding the data and assets of Nymbus and its banking and credit union clients, enabling and ensuring compliance with established Information Security policies, regulations, and industry best practices. The role involves conducting risk assessments of Nymbus’ network, cloud, applications, and endpoint activities, proposing necessary adjustments/mitigations, and implementing security controls or tools to mitigate cyber risks. The overarching goal is to ensure that the Company’s data remain secure in alignment with Company, IT, and Information Security policies.

In this role, the VP will lead the architecture, design, and implementation of multiple security projects alongside a team of information and cybersecurity SMEs. This includes participating in Business and Information Technology projects to recommend applicable security controls and solutions, providing guidance for a secure security infrastructure and software design, and proactively developing and enforcing security plans and standards. The position requires gathering and analyzing performance and compliance data related to information security and risk management standards, managing trade-offs between new tools and existing security measures, and identifying opportunities for process improvement. The VP will also stay abreast of emerging security technologies, propose integrations into the security architecture, and maintain strong technical security skills relevant to both cloud and on-premises solutions. As a Subject Matter Expert (SME) in various technical information security domains, the VP will incorporate industry best practices into security architecture design and implementation. The role includes identifying and assessing vulnerabilities and risks to enterprise applications and infrastructure, developing technical solutions to counter these vulnerabilities, and conducting research to identify potential attack vectors against the organization. Furthermore, the VP will ensure alignment between security architecture and regulatory requirements, lead the security program, and provide guidance on security best practices to cross-functional development, engineering, implementation, and operations teams.

ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES:

  • Responsible for oversight and administration of the Information Security program at Nymbus, as applicable to the Company and the products and services it provides to its banking and credit union clients, following banking regulatory best practices.
  • Responsible for the oversight of a team of subject matter experts.
  • Responsible for oversight and implementation of the Security Incident Response Plan.
  • Drive the architecture, design, and implementation of multiple security projects, and define their operational directives, according to the company’s strategic operations plan.
  • Provide guidance and recommendations for a secure design of both application development and cloud infrastructure, interacting with both internal and external stakeholders, including banking and credit union information security and IT teams.
  • Proactively develop and enforce security plans and standards. Collaborate with risk management and compliance teams to add items to the Risk Log, assessing the inherent and residual risk of new security items, and assisting in defining the resolution path for items noted.
  • Gather and analyze performance and compliance data/metrics relating to the Company’s information security and information risk management standards. Recommend improvements or risk mitigations and work effectively with cross-functional teams to enable risk mitigation measures for new projects, products, and services.
  • Manage trade-offs and determine cost-benefits between adding new tools to the current security stack and improving existing tools by reconfiguring, repurposing, or training.
  • Identify and evaluate opportunities for process improvement.
  • Stay updated with emerging security technologies and propose integration to the security architecture as needed.
  • Serve as Subject Matter Expert (SME) across technical information security domains.
  • Identify and assess vulnerabilities and risks to enterprise applications, infrastructure, and data.
  • Develop and implement technical solutions to counter vulnerabilities and risks.
  • Conduct research to identify attack vectors against the organization and develop solutions for emerging threats.
  • Track current and emerging security threats, and design and implement security solutions to mitigate them.
  • Evaluate the potential exposure to security risks/threats and recommend appropriate mitigation.
  • Ensure alignment between security architecture and frameworks, standards, overall business strategy, and regulatory requirements such as NIST CSF, NIST 800-53 and CIS, or similar.
  • Lead the application security program by identifying key risk factors in internal and vendor provided applications.
  • Provide guidance to team members and business units by advising on security and configuration best practices, defense-in-depth and SDLC.
  • Supervise the execution of the penetration test program to reach defined objectives.
  • Participate in establishing, planning, and administering overall program and goals for the system security requirements and baseline configurations.
  • Lead efforts to remediate audit and regulatory findings and recommendations related to Information Security.
  • Develop architectural solutions to meet compliance requirements and industry standards, including but not limited to: SOC, PCI, and state and federal regulations.
  • Lead the PCI DSS program across the cross-functional team, and the yearly SOC audit.

QUALIFICATIONS:

  • College degree in Information Technology or Information Security, or equivalent work experience.
  • Prior banking or broader financial services experience, including fintech / service provider experience.
  • Requires one or more of the following certifications: CISSP, CISM, CRISC, CISA, Security+, EnCE, CEH, OSCP, GIAC.
  • 5+ years experience in Information Security Operations or Information Security Risk Management, preferably in the financial services industry.
  • 5+ years experience in a Security Engineering or Security Architecture role with proficiency in SIEM, EDR/XDR, IDS/IPS, WAF, IAM, FW, AWS, GCP and AVs.
  • Proven experience in securing and implementing policies for Cloud Technologies (GCP, AWS) and Google Workspace Enterprise.
  • Proven experience in Application Security and assessing third parties.
  • Strong understanding of networking, communication and secure email protocols (TCP/IP, UDP, SSL/TLS, IPSEC, SPF, DKIM, DMARC, DNSSEC, etc).
  • Experience performing and assessing the effectiveness of vulnerability management programs and performing security assessments of internal and external systems based on industry standards.
  • Experience with Secure Development Life Cycle (SDLC) practices and application security testing, including implementation and use of static and dynamic application security testing platforms preferred.
  • Prior experience with secure design within AWS, GCP, and hybrid cloud/on-prem data center environments.
  • Experience collaborating with a third-party risk management program preferred.
  • Experience with cloud security solutions and architecture.
  • Knowledge of regulatory compliance frameworks such as PCI DSS, SOC, and GDPR.
  • Well-developed written and oral communication skills, and the ability to communicate effectively with people at every level of the organization.
  • Proven ability to work in teams with a collaborative management and coaching style.
  • Ability to be flexible with regard to work schedule, and travel as necessary.

WORK ENVIRONMENT:

This is a remote role. It requires a person to be flexible with regard to work schedule to allow for on-call availability as well as occasional travel.

PHYSICAL DEMANDS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the primary functions of this job. While performing the duties of this job, the employee is frequently required to sit; use hands and fingers to operate computer equipment; and is occasionally required to stand and walk. Specific vision abilities required by this job include close vision, distance vision and ability to adjust focus.

SALARY & BENEFITS:

  • Competitive Annual Salary 
  • Annual Cash Bonus and Equity Options commensurate with the role level and experience
  • 100% Fully Remote
  • Robust 401(k) plan with company match
  • Insurance - Health, Dental and Vision (Nymbus covers 100% of the Basic Dental premiums)
  • Flexible Paid Time Off

 

Ready to join? We invite you to watch this video and learn who we are and how we build and innovate together!
