ABOUT NYMBUS: Nymbus is a modern fintech company delivering technology solutions to banks and credit unions. We operate in a highly regulated environment and partner closely with financial institutions to power modern core transformations and broader outsourced digital banking brand solutions. As we continue to scale, we are seeking a strong, decisive Chief Information Security Officer (CISO) to lead and evolve our enterprise security program with confidence and an ability to articulate strong positioning. A strong candidate for this role would avoid passive decisioning and would lead with knowledge and expertise when articulating decisions surrounding our overall security posture. WORK ENVIRONMENT: Nymbus is a remote-first organization. This position is fully remote; however, occasional travel may be required for client meetings or designated team gatherings. POSITION SUMMARY: This is a strategic and operational executive leadership role. We are looking for a CISO who brings deep banking regulatory expertise (NIST, FFIEC, PCI, SOC) and can proactively assess and continue to enhance a security program in a fast-moving fintech environment supporting banking services for regulated financial institutions. This role requires someone who: - Understands regulated financial services environments. - Has a strong skillset for pivoting to address any security gaps identified, influencing and leading any remediation needed. - Forms independent, informed perspectives on risk. - Moves initiatives forward without heavy executive oversight. - Partners effectively with technology, product, and operations leaders. - Balances innovation velocity with sound risk management. - Is comfortable operating in a company leaning into AI in banking. - Drives timely remediation of identified risks through disciplined follow-through and executive accountability. - This is not a policy-only oversight role. We need a strategic builder, operator, and leader. ESSENTIAL JOB FUNCTIONS/RESPONSIBILITIES: Security Strategy & Program Maturity - Own and continuously mature the enterprise Information Security Program. - Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements. - Conduct proactive program assessments and identify security gaps before they become issues, working cross-functionally to execute upon risk mitigation objectives. - Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations. - Present clear, risk-based recommendations to executive leadership and the Board. Operational Execution - Translate strategy into measurable execution plans with defined milestones. - Drive remediation of audit, regulatory, and penetration testing findings. - Ensure strong incident response, vulnerability management, and change management and development programs. - Implement metrics that demonstrate real risk reduction and program effectiveness. - Deliver results. Security Team Leadership & Operational Oversight - Lead and develop a high-performing Information Security team. - Provide clear direction, prioritization, and performance accountability across detection engineering, vulnerability management, application security, and security architecture functions. - Oversee operation and optimization of core security tooling, budget, and contract renewal management, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems. - Ensure security diagrams, architecture artifacts, and workflow documentation accurately reflect implemented controls and are audit-ready. - Establish measurable performance objectives and operational KPIs for the security team in collaboration with teams responsible for execution (MTTR, vulnerability remediation SLAs, detection coverage, control validation, etc.). - Drive automation and continuous improvement across monitoring, alert triage, vulnerability remediation, and DevSecOps integration. - Build a culture of ownership, urgency, and technical depth cross-functionally associated with the program. - Maintain sufficient hands-on familiarity with security tooling and architecture to effectively challenge assumptions, validate control effectiveness, and provide technical direction when needed. - Assist in the management of Nymbus’ risk log with the ability to identify, manage, and make security risk recommendations. Technology & Product Partnership - Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives. - Partner with the CTO, engineering, product, NOC, and operations leaders. - Ensure strong embedded security controls into SDLC, DevOps, and cloud-native development practices. - Enable secure innovation rather than slow it down. Regulatory & Client Engagement - Serve as the subject matter expert in banking security and regulatory expectations. - Lead SOC/PCI audit readiness and regulatory exam preparedness. - Engage confidently with regulators, auditors, and bank and credit union clients and prospects. AI Governance & Emerging Risk - Establish governance frameworks for secure and responsible AI usage. - Assess model risk, data protection, and security implications of AI-driven products. - Stay ahead of evolving regulatory expectations in AI and fintech. QUALIFICATIONS: - 10+ years of progressive experience in information security leadership. - Significant experience in banking, financial services, or regulated fintech. - Deep knowledge of: - NIST CSF & NIST 800-53 - FFIEC guidance - PCI DSS - SOC audits - Experience leading cloud-first security programs (AWS and/or GCP). - Demonstrated ability to independently assess risk and make defensible decisions. - Strong executive communication and cross-functional leadership skills. - Experience operating in high-growth or fast-changing environments. - Preferred certifications: CISSP, CISM, CRISC or equivalent. WHAT SUCCESS LOOKS LIKE: Within the first ninety days, the CISO will: - Deliver a clear assessment of current security maturity and risk posture. - Execute against agreed remediation priorities on time. - Establish strong partnerships across engineering, product, and operations. - Build executive confidence through decisive, informed risk leadership. - Position security as a strategic enabler of innovation. SALARY & BENEFITS: - Annual Cash Bonus and Equity Options commensurate with the role level and experience. - Fully Remote. - 401(k) plan. - Insurance - Health, Dental and Vision. - Time Off. Ready to join? We invite you to watch this video and learn who we are and how we build and innovates together! Let’s Go!

FULL-TIME JOB VACANCY Director, Information Security Information Security Division Multiple Locations Considered Application Deadline: March 29th Human Rights Watch (“HRW”) is seeking a highly skilled and forward-thinking Director of Information Security to lead our efforts in ensuring robust digital security practices across our globally dispersed organization. This critical role involves safeguarding HRW’s ability to investigate abuses, expose facts, and advocate for human rights by maintaining a secure digital environment in over 45 countries. The Director of Information Security will be at the forefront of responding to evolving threats from governments, non-state actors, and other adversaries while fostering a culture of security awareness and resilience within the organization. Reporting to the Chief Information Officer (CIO), the Director of Information Security will work closely with the Director of IT Operations and the Director of Enterprise Applications to ensure cohesive strategies across HRW’s technical ecosystem. The Director will manage a dedicated team of three, closely collaborate with the Director of Physical Security, and engage with internal and external security advisors to provide strategic leadership on digital security. This role involves navigating complex and varied operational environments, advising on security best practices, and supporting HRW’s mission with effective and innovative solutions, including real-time crisis management. The successful candidate will also work with non-technical staff to build trust, solve problems, and ensure digital security is embedded across all organizational functions. This position may be based in the following locations where HRW has an office: New York, Washington, London, Brussels, Amsterdam, Berlin, Amman, Nairobi, or Johannesburg. This position will be able to work remotely, but will be expected to travel to HRW offices as required. Responsibilities: 1. Design, manage, and supervise all aspects of the Information Security program including work plan development and implementation, priority and objective development, monitoring and evaluation, budget monitoring and management, reporting, and collaboration with donors and other partners; 2. Implement and maintain an information security risk management program, and work closely with the Director of Physical Security to implement cohesive security risk management frameworks within Departments across HRW; 3. Advise on technical security concepts pertaining to network security, email security, remote data and third party security; 4. Develop and manage global information security policies, standards, guidelines and procedures to assess, balance, and minimize risk and ensure the confidentiality, integrity, and availability of systems and data. 5. Lead information security planning processes and implementation to establish and/or enhance an inclusive and comprehensive information security program in support of all information systems and technologies; 6. Provide operational security and safety advice as required to managers and staff on the preparation and execution of higher-risk projects and activities, including direct digital security support and advice during the travel or other deployment/presence in higher risk contexts or conducting higher risk activities in coordination with the Director of Physical Security; 7. Provide security incident response in coordination with the Director of Physical Security; 8. Work with the Director of Physical Security to advise on operational security measures and measures for all HRW staff; 9. Proactively work with all HRW departments to craft policies and solutions that mesh well with how HRW staff work; Implement practices that will ensure the highest levels of protection of organizational assets; 10. Serve as a resource for staff and partners on technology issues as they pertain to programmatic research especially around HRW’s particularly sensitive work on net freedom issues including surveillance and global internet technology; 11. Proactively identify and analyze attempts at compromise and offer solutions to prevent future compromise; 12. Lead, motivate, and mentor direct-reports, including communicating clear expectations, setting performance objectives, providing regular and timely constructive feedback, ensuring balanced workload, providing guidance on professional growth, and monitoring staff well-being as it pertains to stress and resilience. issues and self-care; 13. In collaboration with the Director of Physical Security, prepare and present reports on security matters to senior leadership, internal stakeholders, and the HRW Board of Directors as required; 14. Establish and maintain information networks and relationships globally with relevant civil society counterparts, security contacts, government, intelligence, and/or law enforcement contacts, as well as corporate and third party resources, to inform both changing strategy requirements, and ensure HRW and its counterparts are responsive to near and far term risks; 15. Stay informed of and recommend leading, innovative solutions for applicable information security applications, as well as keeping up with industry trends and changes; 16. Be an ambassador for HRW and security best practices in the fields of Human Rights and technology and build relationships with people, organizations, and within sectors that may serve to advance the goals above; 17. Perform other duties as necessary. Qualifications: Education and Experience: A level of education that when combined with your professional experience will adequately show you have the capability to lead information security at HRW. We anticipate that successful candidates will have around 10 years of experience in the Information Security field, and around 5 years of management experience, but are eager to hear from candidates who feel confident that they can perform well in this role even if they do not have this level of experience, and particularly if they are from backgrounds underrepresented in the field. Candidates who have relevant academic degrees or security certifications are encouraged to apply, but this is a plus - not a requirement. Related Skills and Knowledge: 1. 3-5 years experience in managing a team. 2. Extensive knowledge of information security and risk management, ideally in the context of an international organization or in journalism with practical experience in high risk and complex operating environments. 3. Security management experience and/or prior director level role in a related field is required. 4. Working knowledge of the risks associated with human rights and/or civil society activism and/or journalism globally is required 5. Experience securing a Windows Azure Active Directory environment. 6. Strong experience and practice in practical security issues and solutions 7. Strong technical understanding of the digital threats faced by HRDs, and digital security tools and tactics for targeted and vulnerable populations, including encryption, circumvention, and anonymization technologies and secure configuration and use of devices. 8. Excellent oral and written communication skills in English are required, particularly relating technical topics to lay audiences and persons from a variety of cultural and educational backgrounds. Ability to apply strong analytical skills to interpret and translate complex terms, concepts, and issues into language easily comprehensible to non-experts. 9. Creativity with excellent analytical skills, ability to multi-task and strong project management skills are required. 10. A high level of resilience and drive, able to be flexible, adapt to change as required, choose a course of action, developing appropriate solutions and/or reaching conclusions. 11. Ability to cope well under pressure and demonstrate excellent judgment. 12. Demonstrated ability to work with diverse and cross-cultural teams to achieve common objectives; collaborative and team-oriented with an “enabling” mindset. Other: Willingness to partake in extensive global travel is required. Salary and Benefits: HRW seeks exceptional applicants and offers competitive compensation and employer-paid benefits including medical, dental, vision, disability and life insurance. HRW offers a relocation assistance package and will assist employees in obtaining necessary work authorization, if required; people of all nationalities are encouraged to apply. The salary range for this position if based in the US is USD 150,000 – 165,000 plus benefits. Salary ranges outside of the US vary based on location, and you will receive specific salary ranges based on your location early during the recruitment process. How to Apply: Please apply by March 29th, 2026, by visiting our online job portal at careers.hrw.org and attaching a cover letter and resume, preferably in PDF format. No calls or email inquiries, please. Only complete applications will be reviewed, and only shortlisted candidates will be contacted. If you are experiencing technical difficulties with your application submission or require a disability related accommodation, please email recruitment@hrw.org. Due to the large response, application submissions via email will not be accepted and inquiries regarding the status of applications will go unanswered. Human Rights Watch is strong because it is diverse. We actively seek a diverse applicant pool and encourage candidates of all backgrounds to apply. Human Rights Watch does not discriminate on the basis of disability, age, gender identity and expression, national origin, race and ethnicity, religious beliefs, sexual orientation, or criminal record. We welcome all kinds of diversity. Our employees include people who are parents and nonparents, the self-taught and university educated, and from a wide span of socio- economic backgrounds and perspectives on the world. Human Rights Watch is an equal opportunity employer. Human Rights Watch is an international human rights monitoring and advocacy organization known for its in-depth investigations, its incisive and timely reporting, its innovative and high- profile advocacy campaigns, and its success in changing the human rights-related policies and practices of influential governments and international institutions.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Senior Risk Mitigation and Security Manager plays a critical role in protecting the credit union through strong risk management, vendor oversight, and business continuity programs. This position ensures appropriate bond and insurance coverage and supports robust information security practices, physical security measures, and lease administration. The ideal candidate builds strong cross-departmental relationships, actively listens, understands operational workflows, and thinks strategically. This position is remote; however, we prefer candidates who can commute to a branch within the credit union network within a reasonable timeframe. - Deliver exceptional service to internal and external members, demonstrating comprehensive knowledge of credit union products, services, and processes, and associated risks. - Lead the administration of the vendor management program, business continuity plan, and enterprise risk management tool, as well as act as the primary responsible party for bond and insurance coverage and claims. - Conduct regular risk assessments, analyze vulnerabilities, identify controls, and recommend strategies to minimize exposure at the department-level and across the organization. - Support security and safety programs, including physical security measures and information security through involvement with the Information Security Committee. - Collaborate with internal teams, regulators, and third-party vendors to ensure compliance with laws, regulations, and internal standards applicable to the role. Qualifications - Bachelor’s degree or equivalent education combined with 5–7 years of risk management or related experience in financial services, or a comparable mix of education and transferable skills. - Prior experience in a banking or credit union environment is required to ensure deep understanding of financial-sector risk and regulatory expectations. - Understanding of risks facing credit unions, including information security, physical security, and regulations; familiarity with depository and lending operations. - Ability to manage multiple priorities independently in a fast-paced environment while maintaining confidentiality and attention to detail. - Strong reasoning skills with the ability to interpret complex regulations, analyze financial and operational data, and synthesize large volumes of information into actionable insights. - Excellent in drafting professional documents and communicating effectively with individuals at all levels of the organization, third parties, and regulatory examiners. - Proven ability to identify risks and develop mitigation recommendations, work cross-departmentally, and build strong relationships with internal teams and external partners. Requirements - Previous banking or credit union experience is required to ensure a deep understanding of the risks, regulations, and operational realities within the financial services industry. - Expertise in plan development, depository and lending operations is essential for success in this role. Benefits - Medical, dental and vision plan options - Health Saving Account and Flexible Spending Account options - 401(k) with competitive company match - Paid time off, paid holidays, personal time, and paid volunteer time - Development time and tuition reimbursement - Company provided life insurance, short-term and long-term disability insurance - Voluntary benefits including life, critical illness, accident, and hospital indemnity coverage - Paid parental leave - Discretionary, annual profit-sharing bonus

Are you looking for a unique Cyber Security role whereby you will provide key insight and research into new threats, exploits, and mitigation techniques? Do you consider yourself a innovator in threat detection? About the role: You will be entrusted as the senior most technical member of incident response team for our global information security organization About the team: This global team supports the Information Security department’s goals and objectives by addressing escalations, and evaluation of technology controls providing key insight and research in new threats, exploits, and mitigation techniques Key Responsibilities: - Helping improve the resilience and readiness of security protection and mitigation technologies and processes which ensure the confidentiality, integrity, and availability of the organization’s assets, information, data, and IT services in an efficient manner. - Developing and execute security incident response plans, conduct cyber forensic investigations on physical endpoints and cloud platforms, independently lead the full life-cycle of incident response investigations of all reported security incidents. - Developing comprehensive incident reports and investigation summaries. Develop and collect intelligence to proactively detect and identify high-confidence threats to the brand, service infrastructure and enterprise users and systems. - Analyzing/validating security control requirements and tuning, defining the mitigation rules, scripting and performing changes or mitigating attacks, and assisting with troubleshooting support related to any issues which may arise from security detection or protection technologies. - Assisting with reviewing existing tools, applications, and processes to help strengthen and optimize current security capabilities, as well as identifying any gaps or technical solutions to further enhance the team’s effectiveness. - Leading analysis and review security events for anomalous activity, collaborate with respective peer groups to take appropriate action to safeguard company information assets against current and foreseen threats. Requirements - Possess advanced knowledge of security of cloud agnostic infrastructure. - Have the ability to conduct forensic and incident response investigations. Understanding of incident response and risk mitigation workflow and planning. - Able to participate in the analysis of security events for anomalous activity. Identification of emerging security threats. - Able to develop and implement security improvement and remediation programs. - Possess vulnerability assessment, exploitation techniques, malware reverse engineering, threat analysis, and security threat and incident reporting. - Able to participate in the investigation and navigation in Cloud and Web-based environments. - Possess any of the following Licensing/certification : CCFE, GCFE, CISSP, CISM, SANS, GIAC, ISACA, CSRIC (or related), ethical hacking/penetration tester certification, and/or security risk assessment certification Elsevier is a renowned global information analytics company that primarily focuses on providing scientific, technical, and medical (STM) research content, tools, and services. It is one of the largest publishers of academic journals and scholarly literature in the world. Elsevier operates in various domains, including science, technology, medicine, social sciences, and more. They publish a vast number of peer-reviewed journals covering a wide range of disciplines. These journals act as platforms for researchers and academics to share their findings and contribute to the advancement of knowledge in their respective fields. In addition to publishing, Elsevier offers a suite of digital solutions and services to support researchers, scientists, and professionals in their work. They provide online platforms like ScienceDirect, Scopus, and Mendeley, which offer access to a vast repository of scholarly articles, research papers, and other scientific content. These platforms often serve as essential resources for software developers seeking to stay updated with the latest scientific advancements. Primary Location Base Pay Range: Home based-New Jersey $89,012 - $142,188. U.S. National Base Pay Range: $78,800 - $131,300. Geographic differentials may apply in some locations to better reflect local market rates. This job is eligible for an annual incentive bonus. We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120. Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here. Please read our Candidate Privacy Policy. We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. USA Job Seekers: EEO Know Your Rights.