I think all of us have been in this same situation. Management has from time to time made my life miserable. I learned a long time ago to report my findings, make my recommendations, and it's up to management to implement the changes. My job is to report to the Board. I implemented a tracking report of significant deficiencies where no action had been taken and you'd be surprised how I got their attention with that. I always include a short overview of the law and/or my reasons for citing the problem. This seems to get their attention. I also include a Board advisory when I feel it is necessary to really get their attention. Board oversight is very important. They can't ignore the report anymore like they used to. Especially when they realize it might hurt the bottom line or them personally.
However, keep in mind that the audit function has a lot of support from the regulatory agencies. I am more concerned about your CEO's comment. You should be working independently and threatening you in this way can get him into serious hot water. If you feel comfortable talking to someone in your regulatory agency's examination team about your concerns (confidentially), your should. In the end, your perforance will be under the gun as well. They expect results. The CEO needs to understand that you are there to help find the problems before they come back and bite him. You are there the ensure the Boards safety and soundness objectives are met. AND, geez, good controls and risk management can only help him and his Management team keep their jobs. It took our CEO several bad problems and bad exams to finally get the message. The internal audit function is a fairly new position for many banks and its tough getting started. Best wishes and don't give up