Lead Information Security

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank.  Merrick operates three main business lines:  credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

We are seeking an experienced and visionary Cyber Security Lead to spearhead our security related initiatives in the financial sector. This senior role requires a profound understanding of cyber security technologies and practices, as well as the ability to guide and inspire a team of security professionals. The ideal candidate will be instrumental in shaping our security strategy and ensuring the protection of sensitive financial data. This role will report to the head of endpoint, DLP and awareness team and act in a supporting role to that leadership position.

Essential Functions:

Key responsibilities include:

• Work with leadership to develop and implement a comprehensive cyber security strategy that aligns with team and organizational goals while also maintaining regulatory requirements.
• Lead, mentor, and develop a high-performing cyber security team, acting as a point of technical escalation while fostering a culture of excellence and continuous improvement.
• Oversee the design and implementation of security architectures, program road mapping and ensure robust protection against evolving threats.
• Stay abreast of the latest cyber security trends, technologies, and best practices, integrating them into the organization’s security framework.
• Conduct thorough risk-based assessments of in-scope programs to identify potential gaps and areas for maturity.
• Author and enforce security policies, standards, and procedures to create efficiencies and mitigate risks to ensure compliance with industry regulations.
• Act as Liaison to the SOC during incident response efforts, coordinating with the team internally to facilitate resolutions effectively.
• Participate in incident response plans as well as regular drills and reviews to ensure preparedness.
• Collaborate, cross-functionally with teams and stakeholders. Establish and maintain relationships to properly support security initiatives enterprise wide.
• Communicate security risks and strategies to leadership and stakeholders, providing insights and recommendations for improvement.

Cyber Security Lead is also responsible for familiarity with tooling and cross-train with other security functions as assigned:

• Endpoint security controls – Monitor ticketing and requests for all endpoint controls and respond to events and outages in a troubleshooting capacity.
• Data loss prevention – Address tickets for block remediation and apply rule changes as needed.
• Cloud access security brokering – Monitor incoming requests and apply proper validation and remediation steps as needed.
• Email security – Perform triage and remediation of tickets related to email security.

Compliance with Laws & Regulations: 

• Responsible for complying with all of the Bank’s internal control policies and procedures.
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

Education and Experience:

• Master’s degree in Cybersecurity, Information Security, or a related field. Equivalent experience will also be considered. Work experience or individuals pursuing a bachelor’s degree will also be considered in lieu of a degree.
• 8 years of experience in cyber security, risk management, security awareness, or a related role within the finance industry. Experience in developing and delivering training programs is highly desirable
• Relevant certifications such as CISSP, CISM, or advanced SANS are highly desirable.

Summary of Qualifications:

• Superior knowledge in scripting languages such as, Python, PowerShell with relation to API, automation and metric collection.
• Masterful understanding of current cyber threat and risk landscape.
• Experience with industry tooling (e.g., workday, dayforce, knowbe4, cybsafe, etc.).
• Fluent understanding of web application frameworks, APIs, microservices, and cloud environments (AWS, Azure, GCP).
• Exemplary experience with highly regulated industries, and specifically the banking industry (including FDIC regulations) is preferred.
• Demonstrated skills with security concepts, defense-in-depth strategies, security tools, and protocols.
• “White-hat” mentality, with a healthy sense of paranoia (security awareness and risk).
• Positive, inquisitive, can-do attitude.
• Self-starter, requires minimal oversight to perform as expected, work well independently and as part of a team.
• Comfortably perform well under pressure, deliver to commitments on tight deadlines.
• Meticulous attention to detail.
• Passion for cybersecurity and technology trends, news, and hacking techniques.

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program 
• Benefits Package -Medical, Dental, and Vision (plus much more) 
• 401(k) Plan with Company Match 
• Short- & Long-Term Disability 
• Wellness Programs 
• Group Life and AD&D Insurance 
• Paid Vacation, Sick Days and bank Holidays 
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background check for all hires in compliance with applicable.