Manager Security Compliance

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

The Security Compliance Manager is an individual contributor responsible for operationalizing, executing, and maturing the enterprise security compliance program. This role reports to the Director of Security Risk & Compliance and ensures that the organization’s security compliance strategy is translated into effective operational processes, assessments, and workflows. Core responsibilities include managing compliance operations, executing assessments, reviewing controls, supporting audit readiness, coordinating documentation and evidence, and ensuring accuracy and consistency across compliance systems and reporting.

Essential Functions:

Compliance Program Execution

• Execute and continuously improve enterprise security compliance processes and assessments, supporting the strategic direction established by the Manager.
• Operate and maintain the security compliance technology platform, ensuring assessments, evidence collection, and issue tracking are completed accurately and on schedule.
• Coordinate compliance assessment activities and ensure required documentation is complete and aligned with standards.
• Create, manage, and maintain standardized templates, procedures, workflows, and reporting to support consistent compliance operations.

Security Exception Management

• Execute detailed assessments of security exception requests, documenting risks, mitigating controls, approvals, and expiration tracking, in accordance with governance defined by the Director.
• Track exception approvals, expirations, and remediation requirements, ensuring timely reminders, escalations, and accuracy of exception data.

Security Issue Escalation & Tracking

• Manage execution of the Security Compliance Finding and Issue Escalation process, ensuring control gaps and audit findings are documented, monitored, and remediated on schedule.
• Maintain and operationalize workflow steps aligned to governance requirements defined by the Director, ensuring appropriate escalation of overdue or high‑risk issues.
• Align information security issue tracking with Enterprise Risk Management processes and escalate high‑risk issues through established governance forums.

Documentation Governance

• Oversee the Information Security documentation governance program, ensuring policies, standards, procedures, and guidelines are accurate, current, and aligned with regulatory, customer, and internal control requirements.
• Implement and maintain the documentation lifecycle processes, including drafting, review, approval, publication, version control, retention, and retirement.
• Coordinate updates to documentation to ensure alignment with applicable frameworks such as CRI, NIST CSF, PCI DSS, and CIS 18, reflecting changes in technology, controls, and risk posture.
• Track documentation quality, exceptions, gaps, and remediation activities; prepare reports and metrics to support leadership visibility and compliance oversight.
• Partner with security, risk, IT, and compliance stakeholders to ensure documentation supports audits, assessments, and ongoing control operation.

Education and Experience

• 8 years of experience in information security, risk management, compliance, or related disciplines.
• Bachelor’s degree in IT or related field preferred or equivalent work experience in lieu of degree.
• Working knowledge of security frameworks such as Cyber Risk Institute, NIST CSF, CIS Controls, and PCI DSS along with experience applying these and other industry-specific regulations to projects and infrastructure.
• Experience in collaborating across diverse teams, including IT, business units, and external stakeholders, to address security requirements and align with project objectives.
• Strong understanding of security risk assessment methodologies, controls implementation, and process optimization, with a track record of successfully mitigating risks and enhancing security practices.

Summary of Qualifications:

• Strong working knowledge of major security frameworks and regulatory requirements, including CRI, NIST CSF, PCI DSS, and CIS Controls, with experience aligning compliance platforms to support assessments and evidence management.
• Skilled in optimizing compliance workflows, dashboards, templates, and reporting to enhance operational efficiency and audit readiness.
• Proficient with core security technologies such as vulnerability management, encryption, and identity and access management.
• Strong analytical and communication skills, able to identify trends, explain complex technical and regulatory concepts, and support cross‑functional collaboration.
• Highly organized, detail‑oriented, and capable of managing multiple priorities while improving processes, automation, and program scalability.

Ideally, the qualified candidate will work at the following location(s): South Jordan, UT; Woodbury, NY; Horsham, PA; Pittsburgh, PA; Orlando, FL. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.

The salary range for this position, if located in NY Metro/NY State is $128,490 to $142,767. However, please note that the salary range will vary for other geographic areas.

#INDHP

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
• Benefits Package -Medical, Dental, and Vision (plus much more)
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.