Manager, Security Compliance

Become an everyday champion — and build a career where your impact fuels financial progress.What We DoCardWorks Financial Group is a diversified financial services platform building ethical solutions across credit, lending, and the full customer lifecycle. Through our family of companies, CardWorks Financial Group tackles the complex challenges that larger financial institutions leave behind. We’re embedded throughout the credit card ecosystem as a lender, servicer, and merchant acquirer.Who We AreMerrick Bank: The bank that buildsCardWorks Servicing: One partner, total performanceCarson Smithfield: Resolution with respectWith nearly 40 years of operating history, our track record is solid: disciplined in downturns and built to accelerate in recovery. The CardWorks Financial Group companies take precise approach in complex markets, as a top three non-prime focused general purpose card issuer and a top fifteen U.S. merchant acquirer.Our team tackles the industry’s most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow.CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.Founded in 1997, Merrick Bank is an FDIC-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses.Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.Position Summary:The Security Compliance Manager is an individual contributor responsible for operationalizing, executing, and maturing the enterprise security compliance program. This role reports to the Director of Security Risk & Compliance and ensures that the organization’s security compliance strategy is translated into effective operational processes, assessments, and workflows. Core responsibilities include managing compliance operations, executing assessments, reviewing controls, supporting audit readiness, coordinating documentation and evidence, and ensuring accuracy and consistency across compliance systems and reporting.Essential Functions:Compliance Program ExecutionExecute and continuously improve enterprise security compliance processes and assessments, supporting the strategic direction established by the Manager.Operate and maintain the security compliance technology platform, ensuring assessments, evidence collection, and issue tracking are completed accurately and on schedule.Coordinate compliance assessment activities and ensure required documentation is complete and aligned with standards.Create, manage, and maintain standardized templates, procedures, workflows, and reporting to support consistent compliance operations.Security Exception ManagementExecute detailed assessments of security exception requests, documenting risks, mitigating controls, approvals, and expiration tracking, in accordance with governance defined by the Director.Track exception approvals, expirations, and remediation requirements, ensuring timely reminders, escalations, and accuracy of exception data.Security Issue Escalation & TrackingManage execution of the Security Compliance Finding and Issue Escalation process, ensuring control gaps and audit findings are documented, monitored, and remediated on schedule.Maintain and operationalize workflow steps aligned to governance requirements defined by the Director, ensuring appropriate escalation of overdue or high‑risk issues.Align information security issue tracking with Enterprise Risk Management processes and escalate high‑risk issues through established governance forums.Documentation GovernanceOversee the Information Security documentation governance program, ensuring policies, standards, procedures, and guidelines are accurate, current, and aligned with regulatory, customer, and internal control requirements.Implement and maintain the documentation lifecycle processes, including drafting, review, approval, publication, version control, retention, and retirement.Coordinate updates to documentation to ensure alignment with applicable frameworks such as CRI, NIST CSF, PCI DSS, and CIS 18, reflecting changes in technology, controls, and risk posture.Track documentation quality, exceptions, gaps, and remediation activities; prepare reports and metrics to support leadership visibility and compliance oversight.Partner with security, risk, IT, and compliance stakeholders to ensure documentation supports audits, assessments, and ongoing control operation.Education and Experience8+ years of experience in information security, risk management, compliance, or related disciplines.Bachelor’s degree in IT or related field preferred or equivalent work experience in lieu of degree.Working knowledge of security frameworks such as Cyber Risk Institute, NIST CSF, CIS Controls, and PCI DSS along with experience applying these and other industry-specific regulations to projects and infrastructure.Experience in collaborating across diverse teams, including IT, business units, and external stakeholders, to address security requirements and align with project objectives.Strong understanding of security risk assessment methodologies, controls implementation, and process optimization, with a track record of successfully mitigating risks and enhancing security practices.Summary of Qualifications:Strong working knowledge of major security frameworks and regulatory requirements, including CRI, NIST CSF, PCI DSS, and CIS Controls, with experience aligning compliance platforms to support assessments and evidence management.Skilled in optimizing compliance workflows, dashboards, templates, and reporting to enhance operational efficiency and audit readiness.Proficient with core security technologies such as vulnerability management, encryption, and identity and access management.Strong analytical and communication skills, able to identify trends, explain complex technical and regulatory concepts, and support cross‑functional collaboration.Highly organized, detail‑oriented, and capable of managing multiple priorities while improving processes, automation, and program scalability.Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; South Jordan, UT; Horsham, PA; Pittsburgh, PA; Orlando, FL. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.The salary range for this position, if located in NY Metro/NY State is $128,490 to $142,767. However, please note that the salary range will vary for other geographic areas.#INDHPOur Employee Value PropositionCompetitive Pay, including a Bonus Target or Variable Pay Incentive ProgramBenefits Package -Medical, Dental, and Vision (plus much more)401(k) Plan with Company MatchShort- & Long-Term DisabilityWellness ProgramsGroup Life and AD&D InsurancePaid Vacation, Sick Days and bank HolidaysEmployee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service RecognitionWe offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.We are proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to age, race, color, sex, or gender identity/expression (including pregnancy, childbirth, transgender status, or sexual orientation), religion or creed, ancestry, citizenship, national origin, disability, military or veteran status, marital status, genetic information, or any other characteristic protected by applicable law.We do not tolerate discrimination, harassment, or retaliation. Employment decisions are based solely on qualifications, merit, and business needs. Everyone is welcome here, and we hire based on your ability to do the job, not any protected characteristics.If you need help or reasonable accommodation during the application or hiring process, please let your TA Partner know. #J-18808-Ljbffr CardWorks Financial Group