CardWorks

• Support technical writing needs to facilitate daily business activities • Develop, document, and update existing policies and procedures to adapt to a growing business • Gather, collate, and organize all technical material to build comprehensive reports for various levels of management within the CardWorks organization • Provide current documentation, revision histories, and tracking information to support Audit activities • Ensure highest levels of accuracy, quality and effectiveness while scribing technical documents • Create QA checklists / run books for use by technical teams to facilitate improved and accurate job performance • Review documentation and provide editorial feedback to ensure format, style, voice, and clarity guidelines are met

Title: Lead Identity & Access Management Location: Woodbury (Long Island) Job Description: What We Do At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Who We Are CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Position Summary: The Identity and Access Management (IAM) Lead Engineer will work in the Merrick Bank and CardWorks security team. They will responsible for day-to-day activities regarding identity and access creation, risk-based access control, attribute-based access control, role-based access control, privileged access management, access modifications, and access terminations. They will be the primary contact for support of tools within the information security team from an IAM perspective. The IAM Lead Engineer will design solutions, engineer integrations, set up processes, provide reporting, instruct other teams on said processes and integrations, and manage tools and data. They implement, operate, monitor, and improve information security processes and systems that protect the companies’ data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism. Essential Functions: Privileged Access Management (PAM) Tool Ownership & Administration Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability. - Administer access to the PAM platforms, including onboarding users, roles, and entitlements within the tools - Configure privileged access workflows, credential vaulting, rotation, session controls, and integrations - Monitor PAM system performance, availability, errors, and audit logs - Troubleshoot and remediate PAM‑related issues affecting access, automation, or integrations - Partner with business and infrastructure teams to onboard new privileged use cases into PAM IAM Platform Support & Engineering Enablement Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability. - Be the day to day technology owner of identity governance, lifecycle, and authentication platforms by leading: - Troubleshooting - Integration validation - Operational execution - Execute IAM tasks according to established processes and approvals - Lead application and service integrations with IAM tooling - Utilize scripting, APIs, and automation to improve IAM operational efficiency - Assist with configuration changes and platform enhancements under established governance Detective IAM Controls & Security Operations Support Expectation: Actively supports monitoring, investigation, and response activities related to IAM security signals. - Support detective IAM controls, including logging, alerting, and access review evidence collection - Configure and monitor IAM and PAM log activity for anomalous or unauthorized behavior - Lead identity‑related investigations, incidents, and penetration testing efforts - Gather and analyze IAM and PAM data for audits, incident response, and forensic activities - Collaborate with security teams during access‑related security events to assess impact and remediate issues Collaboration, Documentation & Continuous Improvement Expectation: Operates as a dependable engineering partner who improves IAM services through execution and feedback. - Collaborate with application, infrastructure, and security teams and drive projects to implement standardized IAM and PAM practices - Provide IAM and PAM design input as part of discussions based on operational experience - Document configurations, procedures, troubleshooting steps, and known issues - Create and disseminate operational metrics, observations, and improvement recommendations - Identify recurring issues and propose pragmatic improvements to tooling or processes Education and Experience - 8+ years of experience in Identity & Access Management, Information Security, Cybersecurity Engineering - Hands‑on experience architecting and engineering IAM solutions in large, complex environments. - Technical knowledge of IAM concepts including authentication, authorization, federation, directory services, identity lifecycle, access governance, and privileged access. - Strong experience with at least several of the following technologies/tools: - Delinea / Thycotic / Centrify - Azure AD / Entra ID - Active Directory, Group Policy, Kerberos, LDAP, Windows Server - SSO, SAML, OAuth, OIDC - Automation/Scripting: PowerShell, Python - Experience with the following preferred but not required: - SailPoint Identity Security Cloud (ISC) - Microsoft Identity Products (MIM PAM, PIM, etc.) - Experience working in regulated industries preferred (financial services, healthcare, etc.). - Bachelor’s degree in Computer Science, Information Systems, or related field preferred. - Preferred certifications: CISSP, CISM, Microsoft Identity certifications, or vendor certifications (SailPoint, Delinea). Summary of Qualifications - Ability to support integrations into Delinea, SailPoint, and Azure AD/Entra ID with a strong skill set for API development and integration. - Ability to analyze, interpret, and correct data inconsistencies, errors, gaps, and inaccuracies for impact. - Strong understanding of IAM principles, including details for least privileged, joiner, mover, and leaver operations. - Strong understanding of workflows from systems of record through many different layers of IAM to application use. - Strong understanding of Azure AD, including lifecycle management for all account types. - Strong knowledge of AWS. - Knowledge of client-server applications, multi-tier web applications, relational databases, and cloud IAM and security tools. - Strong understanding of SSO, OAuth, OpenID, and SAML. - Experience with Workday integrations. Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; Pittsburgh, PA. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role. The salary range for this position, if located in NY Metro/NY State is $154,564 to $171,738. However, please note that the salary range will vary for other geographic areas. #INDHP Our Employee Value Proposition - Competitive Pay, including a Bonus Target or Variable Pay Incentive Program - Benefits Package -Medical, Dental, and Vision (plus much more) - 401(k) Plan with Company Match - Short- & Long-Term Disability - Wellness Programs - Group Life and AD&D Insurance - Paid Vacation, Sick Days and bank Holidays - Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background check for all hires in compliance with applicable laws.

Title: Manager Security Compliance Locations: Woodbury, NY; South Jordan, UT; Horsham, PA; Pittsburgh, PA; Orlando, FL. Work Type: Hybrid, Full Time Job ID: JR100965 Job Description: What We Do At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Who We Are CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Caron Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Position Summary: The Security Compliance Manager is an individual contributor responsible for operationalizing, executing, and maturing the enterprise security compliance program. This role reports to the Director of Security Risk & Compliance and ensures that the organization’s security compliance strategy is translated into effective operational processes, assessments, and workflows. Core responsibilities include managing compliance operations, executing assessments, reviewing controls, supporting audit readiness, coordinating documentation and evidence, and ensuring accuracy and consistency across compliance systems and reporting. Essential Functions: Compliance Program Execution - Execute and continuously improve enterprise security compliance processes and assessments, supporting the strategic direction established by the Manager. - Operate and maintain the security compliance technology platform, ensuring assessments, evidence collection, and issue tracking are completed accurately and on schedule. - Coordinate compliance assessment activities and ensure required documentation is complete and aligned with standards. - Create, manage, and maintain standardized templates, procedures, workflows, and reporting to support consistent compliance operations. Security Exception Management - Execute detailed assessments of security exception requests, documenting risks, mitigating controls, approvals, and expiration tracking, in accordance with governance defined by the Director. - Track exception approvals, expirations, and remediation requirements, ensuring timely reminders, escalations, and accuracy of exception data. Security Issue Escalation & Tracking - Manage execution of the Security Compliance Finding and Issue Escalation process, ensuring control gaps and audit findings are documented, monitored, and remediated on schedule. - Maintain and operationalize workflow steps aligned to governance requirements defined by the Director, ensuring appropriate escalation of overdue or high‑risk issues. - Align information security issue tracking with Enterprise Risk Management processes and escalate high‑risk issues through established governance forums. Documentation Governance - Oversee the Information Security documentation governance program, ensuring policies, standards, procedures, and guidelines are accurate, current, and aligned with regulatory, customer, and internal control requirements. - Implement and maintain the documentation lifecycle processes, including drafting, review, approval, publication, version control, retention, and retirement. - Coordinate updates to documentation to ensure alignment with applicable frameworks such as CRI, NIST CSF, PCI DSS, and CIS 18, reflecting changes in technology, controls, and risk posture. - Track documentation quality, exceptions, gaps, and remediation activities; prepare reports and metrics to support leadership visibility and compliance oversight. - Partner with security, risk, IT, and compliance stakeholders to ensure documentation supports audits, assessments, and ongoing control operation. Education and Experience - 8+ years of experience in information security, risk management, compliance, or related disciplines. - Bachelor’s degree in IT or related field preferred or equivalent work experience in lieu of degree. - Working knowledge of security frameworks such as Cyber Risk Institute, NIST CSF, CIS Controls, and PCI DSS along with experience applying these and other industry-specific regulations to projects and infrastructure. - Experience in collaborating across diverse teams, including IT, business units, and external stakeholders, to address security requirements and align with project objectives. - Strong understanding of security risk assessment methodologies, controls implementation, and process optimization, with a track record of successfully mitigating risks and enhancing security practices. Summary of Qualifications: - Strong working knowledge of major security frameworks and regulatory requirements, including CRI, NIST CSF, PCI DSS, and CIS Controls, with experience aligning compliance platforms to support assessments and evidence management. - Skilled in optimizing compliance workflows, dashboards, templates, and reporting to enhance operational efficiency and audit readiness. - Proficient with core security technologies such as vulnerability management, encryption, and identity and access management. - Strong analytical and communication skills, able to identify trends, explain complex technical and regulatory concepts, and support cross‑functional collaboration. - Highly organized, detail‑oriented, and capable of managing multiple priorities while improving processes, automation, and program scalability. Ideally, the qualified candidate will work at the following location(s): South Jordan, UT; Woodbury, NY; Horsham, PA; Pittsburgh, PA; Orlando, FL. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role. The salary range for this position, if located in NY Metro/NY State is $128,490 to $142,767. However, please note that the salary range will vary for other geographic areas. #INDHP Our Employee Value Proposition - Competitive Pay, including a Bonus Target or Variable Pay Incentive Program - Benefits Package -Medical, Dental, and Vision (plus much more) - 401(k) Plan with Company Match - Short- & Long-Term Disability - Wellness Programs - Group Life and AD&D Insurance - Paid Vacation, Sick Days and bank Holidays - Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

Join our team - and take the next step in achieving a fulfilling career! What We Do At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Who We Are CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Job Summary: The AVP, IT Risk owns the oversight and governance of the Technology Risk Management Framework, ensuring effective identification, assessment, monitoring, and mitigation of technology risks across the organization. This role is responsible for independent challenge, control assurance, and risk transparency, and drives the execution of core technology risk programs, including control testing, issue management, audit coordination, and reporting. The AVP provides credible challenge to Technology and business stakeholders, enforces adherence to risk standards, and delivers actionable risk insights to senior leadership. Essential Functions: Technology Risk Oversight & Control Assurance - Provide the independent oversight and ongoing evaluation of technology controls (ITGCs, security controls, system controls) - Lead and execute control testing strategy, including scoping, testing, and documentation of results - Identify control gaps, deficiencies, and non-compliance, and require clear remediation actions and timelines - Provide effective challenge to Technology on control design and remediation adequacy - Oversee and track remediation efforts, holding stakeholders accountable for timely closure - Develop and own monitoring and reporting over assigned areas (examples include: technology issues, incidents, and overdue risk items) Audit & Regulatory Coordination - Own coordination and oversight of internal audits and regulatory exams (FDIC, SOX, SOC, etc.) - Ensure completeness, accuracy, and quality of materials provided for audits and exams - Govern the lifecycle of audit findings, including validation of remediation and closure - Act as a primary liaison between Risk, Audit, Technology, and Compliance - Drive audit readiness and continuous improvement of the control environment Business Continuity & Resilience - Review and provide independent challenge to DR testing plans, execution, and results - Evaluate technology resilience risks, including BIA alignment, system criticality, and recovery capabilities - Ensure risks are appropriately identified, escalated, and remediated Third-Party & Vendor Risk - Review and challenge vendor risk assessments and control exceptions - Provide risk recommendations or escalation on vendor-related control gaps and exceptions - Collaborate with TPRM, Security, and Legal teams on vendor risk matters Risk Metrics & Reporting - Deliver clear, concise, and decision-useful risk reporting to senior management - Contribute to KRIs, dashboards, and risk reporting to improve transparency and decision-making - Support preparation of risk reports for senior management and Board committees - Translate technical risk findings into business-relevant insights - Escalate material risks and emerging themes proactively Education and Experience: - Bachelor’s degree required; advanced degree or certifications (CISA, CISSP, CRISC, etc.) preferred Leadership Competencies - Demonstrates ownership and accountability for risk oversight and outcomes - Applies independent judgment and effective challenge - Effective collaboration and communication with cross-functional teams - Confident communicator with senior stakeholders - Proactive risk identification and escalation mindset Summary of Qualifications: Required - 8–12+ years of experience in IT Risk, Technology Risk, Audit, Information Security, or related functions - Knowledge of IT control frameworks (SOX, SOC, NIST, etc.) and regulatory requirements - Experience supporting audits, control testing, and remediation tracking - Strong analytical, problem-solving, and communication skills Preferred: - Experience in regulated industries - Relevant certifications such as CISA, CRISC, or CISSP - Experience with dashboards, KRIs, or reporting - Hands-on technology delivery experience Our Employee Value Proposition - Competitive Pay, including a Bonus Target or Variable Pay Incentive Program - Benefits Package -Medical, Dental, and Vision (plus much more) - 401(k) Plan with Company Match - Short- & Long-Term Disability - Wellness Programs - Group Life and AD&D Insurance - Paid Vacation, Sick Days and bank Holidays - Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background check for all hires in compliance with applicable laws.

• Investigates and analyzes credit card fraud dispute cases to mitigate financial losses and protect the Bank from fraudulent activity. • Reviews and assesses credit card application risk indicators, correlating fraud-related flags to identify potential application fraud and emerging patterns. • Conducts in-depth research on complex cases, including merchant activity and suspicious transaction behavior. • Maintains comprehensive and well-documented case records, ensuring research finding and investigative conclusions are clearly articulated and supported. • Communicates fraud analysis, investigative findings, and case determinations through digital channels and collaborative team discussions. • Manages daily workflow by processing assigned queues, reports, and case tasks in a timely and accurate manner. • Provides research support and account action recommendations, including potential account revocation, to front-line fraud prevention teams. • Performs other duties as assigned.

Join our team - and take the next step in achieving a fulfilling career! What We Do At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most. Who We Are CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Position Summary: A Collections Specialist on the Account Restructure Team (ART), processes consumer loan accounts according to established guidelines and procedures for special circumstance situations. Specialists may work in a phone-based role, handling inbound and outbound customer calls, or in an off-phone processing role, working strictly on OnBase to review, index, and process correspondence and required documentation. Assignments may vary based on business needs but remain aligned to defined workflows and procedures. Essential Functions: - Reviews, indexes, and processes account‑related correspondence in OnBase, ensuring accurate categorization and routing. - Completes assigned workflow queues and exception reports related specifically to OnBase processes. - Identifies required account actions based on documentation received and updates systems in accordance with client policies and regulatory requirements. - Ensures timely completion of all assigned cases while maintaining accuracy and adherence to established SLAs. Responsibilities: - Applies knowledge of client policies and procedures to complete accurate account maintenance. - Documents all account actions clearly and thoroughly in required systems. - Remains current on regulatory requirements, including their impact on credit bureau reporting for special circumstances. - Performs other duties as assigned. Education and Experience: - High school diploma or equivalent required. - One (1)+ year of Customer Service, or Collections experience, or equivalent experience in processing, data review, or document workflow highly desired. - Experience with First Data Resources (FDR), OnBase, Evolve or related platforms preferred. Summary of Qualifications: - Keyboarding proficiency - Familiarity with Windows based computer applications - Skilled in negotiating, including the ability to persuade and modify opinions to reach goals - Ability to work under pressure; flexibility and willingness to work at a rapid pace - Thorough knowledge of FDR products - Effective planning, organizational, time management and problem solving skills - Effectively and efficiently communicate both through verbal and written channels in a way that others are able to understand the information in a manner consistent with the essential job functions - Ability to multi-task is essential Work Environment/Physical Demands: - Work is in an office environment, sustained posture in a seated position for prolonged periods of time; works with computer equipment for prolonged periods of time - Travel is generally not required - This position reports to an assigned Team Leader and supervises no one This role will be fully remote. This role can also be hybrid/onsite for one of the following locations: Pittsburgh, PA, Woodbury, NY, Lake Mary, FL, Orlando, FL. #INDEG Our Employee Value Proposition - Competitive Pay, including a Bonus Target or Variable Pay Incentive Program - Benefits Package -Medical, Dental, and Vision (plus much more) - 401(k) Plan with Company Match - Short- & Long-Term Disability - Wellness Programs - Group Life and AD&D Insurance - Paid Vacation, Sick Days and bank Holidays - Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background check for all hires in compliance with applicable laws.

• As a critical member of the DTD leadership team and in the capacity of a program/product/strategy lead, this Senior Vice President will expand the prior ‘chief of staff’ function provided by this role. • Further, the broad mandate it maintains includes responsibility for creating and managing the planning and management framework for staffing and non-labor spend (full-time and contract staff); • supporting the annual DTD budget process; • and defining and executing against annual and multi-year strategic initiatives in support of all business priorities. • In addition, this leader will lead and own projects/programs from the planning to the delivery elements – utilizing resources across DTD, along with aligning strategic partnerships with stakeholders and business leaders across CardWorks.