What are the responsibilities and job description for the Manager Information Security position at CardWorks?
Join our team - and take the next step in achieving a fulfilling career!
What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.
Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary
We are seeking an experienced and strategic Cyber Security Manager to oversee and mature our security initiatives within the financial sector. This management role requires strong leadership capabilities, deep cybersecurity expertise, and the ability to guide a team of security professionals. The ideal candidate will help shape the organization’s security posture, strengthen operational processes, and ensure the protection of sensitive financial data.
Essential Functions
Key responsibilities include:
Our Employee Value Proposition
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.
What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.
Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary
We are seeking an experienced and strategic Cyber Security Manager to oversee and mature our security initiatives within the financial sector. This management role requires strong leadership capabilities, deep cybersecurity expertise, and the ability to guide a team of security professionals. The ideal candidate will help shape the organization’s security posture, strengthen operational processes, and ensure the protection of sensitive financial data.
Essential Functions
Key responsibilities include:
- Work with leadership to support and execute a comprehensive cybersecurity strategy that aligns with organizational goals and regulatory requirements.
- Manage, mentor, and develop a high‑performing cybersecurity team, serving as a point of escalation and fostering a culture of excellence and continuous improvement.
- Oversee the design, implementation, and operational management of security architectures and program roadmaps to ensure strong protection against evolving threats.
- Stay current on cybersecurity trends, technologies, and best practices, integrating relevant advancements into the organization’s security framework.
- Conduct and oversee risk‑based assessments of in‑scope programs to identify gaps and opportunities for maturity.
- Author, maintain, and enforce security policies, standards, and procedures to drive efficiency, mitigate risk, and ensure compliance with industry regulations.
- Act as liaison to the SOC during incident response efforts, coordinating internal teams to ensure timely and effective resolution.
- Participate in incident response planning, drills, and reviews to ensure organizational preparedness.
- Collaborate cross‑functionally with teams and stakeholders to support security initiatives across the enterprise.
- Communicate security risks, program updates, and strategic recommendations to leadership and stakeholders.
- Endpoint security controls – Oversee monitoring of ticketing and requests for all endpoint controls; ensure timely response to events and outages.
- Data loss prevention – Manage DLP operations, including block remediation, rule changes, and incident handling.
- Cloud access security brokering – Supervise CASB request intake, validation, and remediation processes.
- Email security – Oversee triage and remediation of email security‑related tickets.
- Responsible for complying with all of the Bank’s internal control policies and procedures.
- Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
- Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.
- Master’s degree in Cybersecurity, Information Security, or a related field preferred. Equivalent experience will be considered.
- 6–8 years of experience in cybersecurity, risk management, or related roles within the finance industry.
- 2–3 years of experience in a supervisory or management capacity.
- Experience developing and delivering training programs is highly desirable.
- Superior knowledge of scripting languages such as Python and PowerShell, especially for API integrations, automation, and metric collection.
- Strong understanding of the current cyber threat and risk landscape.
- Experience with industry tooling (e.g., Workday, Dayforce, KnowBe4, Cybsafe).
- Fluent understanding of web application frameworks, APIs, microservices, and cloud environments (AWS, Azure, GCP).
- Experience in highly regulated industries, specifically banking (including FDIC regulations), is preferred.
- Demonstrated skills in security concepts, defense‑in‑depth strategies, security tools, and protocols.
- “White‑hat” mentality with strong security awareness and risk sensitivity.
- Positive, inquisitive, can‑do attitude.
- Self‑starter who requires minimal oversight and works well independently and as part of a team.
- Ability to perform well under pressure and meet tight deadlines.
- Meticulous attention to detail.
- Passion for cybersecurity, technology trends, and emerging threats.
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package -Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.