VP, Information Security Assurance & Response at CardWorks
CardWorks · Virtual East, United States of America · Hybrid
- Senior
- Office in Virtual East
Join our team - and take the next step in achieving a fulfilling career!
What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.
Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.
CardWorks Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees.
Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary:
This VP-level Enterprise Cybersecurity Architect leads the definition and evolution of enterprise-wide security strategy and frameworks for CardWorks and Merrick Bank, a combined mid-size bank and financial services enterprise. By integrating security architecture with business goals, this role implements comprehensive controls across both cloud and on-premise environments without compromising employee productivity or quality of life.
CardWorks and Merrick Bank are committed to safeguarding customer data and internal IT assets and maintaining a robust cybersecurity posture. This role is crucial in shaping and maintaining the security architecture of the entire enterprise. This includes designing, overseeing the implementation of, and overseeing secure IT systems and processes. The Cybersecurity Architect ensures compliance with industry regulations and best practices. CardWorks/Merrick values innovation, security, and a collaborative work environment.
Essential Functions:
Cyber Security Strategy & Architecture:
- Own the enterprise security architecture framework, continuously evolving it to address new threats.
- Design comprehensive security architectures, strategies, policies, and standards to align with business objectives and regulatory requirements (e.g., NIST CSF, GLBA, SOC2, PCI, FFIEC).
- Develop and maintain security architecture and supporting documentation.
- Identify and communicate emerging security threats to the CISO and other senior business leaders.
- Assess latest cybersecurity technologies, trends, and developments. Communicate this to the Office of the CISO for relevance and potential integration.
- Work with all technology teams to assist with secure designs, including but not limited to: network design, application, cloud, data transfer, PCI, secure end-user compute, access controls, vendor monitoring, etc.
Security Design & Implementation:
- Partner with software development, engineering, and infrastructure teams to integrate security-by-design principles into all phases of solution delivery, including DevSecOps pipelines, cloud, and on-premise network architecture.
- Design security patterns and controls to promote enterprise efficiency and transparency. This includes the addition and maintenance of automation, where possible, to increase efficiency for compliance audits and daily processes for security assurance.
- Evaluate security architecture and security control baselines for all technology within the enterprise. Identify design gaps and recommend changes/enhancements.
Leadership & Mentorship:
- Provide expert guidance and consultation related to security matters across the organization, particularly for the senior members of the Cybersecurity Team and IT leadership.
- Coach and mentor less experienced personnel on cybersecurity principles and implementation, fostering a culture of security best practice.
- May require leading a small team of architects and/or engineers directly or through a dotted-line relationship.
- Prepare and deliver senior management-level presentations to communicate trends, threats, and current security posture.
- Partner with Cybersecurity Solutions Architects as they establish baselines for various security controls and infrastructure.
Education and Experience:
- Master’s degree in computer science, information security, or related technical field, equivalent certifications, or equivalent work experience is required.
- 10+ years of experience in enterprise architecture, cybersecurity architecture, or related leadership roles.
- Deep technical security engineering experience with several of the following: network security (firewalls, IDS/IPS, VPN), IAM, encryption, SIEM, IaaS, PaaS, SaaS, Secure SDLC, DevSecOps, API security, and endpoint protection.
- Extensive experience working in environments requiring security frameworks/regulations such as FFIEC, GLBA, PCI-DSS, SOX, SOC2.
- Proven experience in designing secure, scalable, and resilient cloud-native and hybrid architecture.
- Strong technical writing skills.
- Relevant certifications are highly desirable (e.g., CISSP, CISM, ISSAP, TOGAF, AWS/Azure Architect).
- Excellent communication and stakeholder engagement skills are required, along with the ability to influence both technical and non-technical audiences.
Summary of Qualifications:
- Excellent communication skills with the ability to explain complex security and compliance concepts to both technical and non-technical stakeholders.
- Detail-oriented mindset that balances tactical implementation with architectural foresight and continuous improvement.
- Strong stakeholder management skills: ability to influence CISOs, VPs of IT, compliance/audit, and business leaders.
- Strong technical writing skills.
- Scripting or automation skills using Python, PowerShell, Terraform, or Ansible are preferred, but not immediately required.
- Proactive learner who stays current on evolving financial-sector threats, regulatory changes, and emerging security technologies.
The salary range for this position, if located in NY Metro/NY State is $212,000 to $235,000. However, please note that the salary range will vary for other geographic areas.
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package - Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and Bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable.