Manager Information Security

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

We are seeking an experienced and strategic Cyber Security Manager to oversee and mature our security initiatives within the financial sector. This management role requires strong leadership capabilities, deep cybersecurity expertise, and the ability to guide a team of security professionals. The ideal candidate will help shape the organization’s security posture, strengthen operational processes, and ensure the protection of sensitive financial data.

Essential Functions:

Key responsibilities include:

• Work with leadership to support and execute a comprehensive cybersecurity strategy that aligns with organizational goals and regulatory requirements.
• Manage, mentor, and develop a high‑performing cybersecurity team, serving as a point of escalation and fostering a culture of excellence and continuous improvement.
• Oversee the design, implementation, and operational management of security architectures and program roadmaps to ensure strong protection against evolving threats.
• Stay current on cybersecurity trends, technologies, and best practices, integrating relevant advancements into the organization’s security framework.
• Conduct and oversee risk‑based assessments of in‑scope programs to identify gaps and opportunities for maturity.
• Author, maintain, and enforce security policies, standards, and procedures to drive efficiency, mitigate risk, and ensure compliance with industry regulations.
• Act as liaison to the SOC during incident response efforts, coordinating internal teams to ensure timely and effective resolution.
• Participate in incident response planning, drills, and reviews to ensure organizational preparedness.
• Collaborate cross‑functionally with teams and stakeholders to support security initiatives across the enterprise.
• Communicate security risks, program updates, and strategic recommendations to leadership and stakeholders.

Cyber Security Manager is also responsible for familiarity with tooling and cross‑training with other security functions as assigned:

• Endpoint security controls – Oversee monitoring of ticketing and requests for all endpoint controls; ensure timely response to events and outages.
• Data loss prevention – Manage DLP operations, including block remediation, rule changes, and incident handling.
• Cloud access security brokering – Supervise CASB request intake, validation, and remediation processes.
• Email security – Oversee triage and remediation of email security‑related tickets.

Compliance with Laws & Regulations:

• Responsible for complying with all of the Bank’s internal control policies and procedures.
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

Education and Experience:

• Master’s degree in Cybersecurity, Information Security, or a related field preferred. Equivalent experience will be considered.
• 6–8+ years of experience in cybersecurity, risk management, or related roles within the finance industry.
• 2–3+ years of experience in a supervisory or management capacity.
• Experience developing and delivering training programs is highly desirable.

Summary of Qualifications:

• Superior knowledge of scripting languages such as Python and PowerShell, especially for API integrations, automation, and metric collection.
• Strong understanding of the current cyber threat and risk landscape.
• Experience with industry tooling (e.g., Workday, Dayforce, KnowBe4, Cybsafe).
• Fluent understanding of web application frameworks, APIs, microservices, and cloud environments (AWS, Azure, GCP).
• Experience in highly regulated industries, specifically banking (including FDIC regulations), is preferred.
• Demonstrated skills in security concepts, defense‑in‑depth strategies, security tools, and protocols.
• “White‑hat” mentality with strong security awareness and risk sensitivity.
• Positive, inquisitive, can‑do attitude.
• Self‑starter who requires minimal oversight and works well independently and as part of a team.
• Ability to perform well under pressure and meet tight deadlines.
• Meticulous attention to detail.
• Passion for cybersecurity, technology trends, and emerging threats.

#INDHP

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
• Benefits Package -Medical, Dental, and Vision (plus much more)
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.