Join our team - and take the next step in achieving a fulfilling career! What We Do At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Who We Are CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Position Summary: The VP Cyber Security Information Security Access Management (IAM/PAM/RBAC) is responsible for safeguarding organizational assets by ensuring that only authorized users, both internal and external, have the appropriate level of access to applications, systems, and data. This role will develop and execute the IAM strategy in alignment with organizational goals, regulatory requirements, and emerging threats. The company requires a technical subject matter expert (SME) with strong analytical and problem-solving skills. The VP Cyber Security Information Security Access Management will be instrumental in maturing the organization's security posture by enforcing least-privilege principles and maintaining compliance with security policies and regulatory requirements. The candidate must be able to work enterprise wide with all business units and help them understand the access controls needed to securely operate there areas. Essential Functions: Design and implementation: Develop, implement, and maintain the enterprise-wide IAM framework, including RBAC policies and procedures, across on-premises and cloud environments. Maintain documentation on roles and entitlements for the enterprise and individual applications. Privileged access management: Lead administration and management of the corporate PAM solution, including the secure storage and rotation of privileged credentials, session monitoring, and audit logging. Access lifecycle management: Oversee the full identity lifecycle, including the provisioning, de-provisioning, and modification of user accounts and entitlements across systems. Develop automation and reporting for account management. Governance and compliance: Oversee regular access reviews, audits, and security assessments to ensure access controls are compliant with internal policies and external regulations (e.g., SOX, PCI, SOC1, SOC2 and FFIEC). Develop reporting processes that can be used for operational controls and audits. Lead cross functional Governance efforts to maintain alignment between IT and business areas. Risk mitigation: Proactively identify privileged access risks, access governance issues, and IAM vulnerabilities, and recommend effective remediation strategies. Contribute to application risk assessments with consideration to access security and role development. Incident response: Oversee the team’s response to access control incidents, troubleshoot complex access issues, and provide timely resolutions. Integration and automation: Integrate IAM and PAM solutions with other enterprise systems (e.g., HR, IT Service Management, SIEM) and use scripting to automate workflows. Stakeholder collaboration: Partner with IT, business teams, and external vendors to define access requirements, implement solutions, and communicate policy changes. Education and Experience: Bachelor’s degree in information security, Computer Science, or a related field, or equivalent practical experience. Experience working on maturing organizational approach to access controls Experience building and managing cyber security teams Experience helping both the team and the enterprise manage the risk and stress around unauthorized access A minimum of 10 years of experience in Identity and Access Management or a similar cybersecurity role. Hands-on experience with major IAM and PAM tools, such as SailPoint, Okta, Azure AD/Entra ID, Purview, and Delinia Experience with scripting languages (e.g., PowerShell, Python) for automation is a plus. Relevant certifications, such as CISSP, CISM, or CompTIA Security+, are highly desirable. Summary of Qualifications: Excellent analytical and problem-solving skills with meticulous attention to detail. Strong communication skills, both written and verbal, for effective collaboration with technical and non-technical stakeholders. A proactive, results-driven mindset with the ability to manage multiple priorities in a fast-paced environment. Strong knowledge of RBAC principles and proven experience designing and implementing RBAC models in an enterprise environment. In-depth understanding of authentication and authorization protocols, including SAML, OAuth, OpenID Connect, and LDAP. Proven experience building teams Track record of working with financial service firms building out and oerating access control environments. #LI-DNI Our Employee Value Proposition Competitive Pay, including a Bonus Target or Variable Pay Incentive Program Benefits Package -Medical, Dental, and Vision (plus much more) 401(k) Plan with Company Match Short- & Long-Term Disability Wellness Programs Group Life and AD&D Insurance Paid Vacation, Sick Days and bank Holidays Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable. CardWorks is a leading credit and payments company and a people-centric, compliance-focused organization enabled by data and technology. Our mission is to delight our clients and customers. With over 35 years of operating history, the CardWorks companies include one of the largest managers and servicers of credit card and installment loan products, a top 20 credit card issuer and a top 10 merchant acquirer in the US. At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Not finding the right fit? Let us know you're interested in a future opportunity by clicking Get Started below or create an account by clicking 'Sign In' at the top of the page to set up email alerts as new job postings become available that meet your interest!