AVP Identity & Access Management

Become an everyday champion — and build a career where your impact fuels financial progress.

What We Do

CardWorks Financial Group is a diversified financial services platform building ethical solutions across credit, lending, and the full customer lifecycle. Through our family of companies, CardWorks Financial Group tackles the complex challenges that larger financial institutions leave behind. We’re embedded throughout the credit card ecosystem as a lender, servicer, and merchant acquirer.

Who We Are

• Merrick Bank: The bank that builds
• CardWorks Servicing: One partner, total performance
• Carson Smithfield: Resolution with respect

With nearly 40 years of operating history, our track record is solid: disciplined in downturns and built to accelerate in recovery. The CardWorks Financial Group companies take precise approach in complex markets, as a top three non-prime focused general purpose card issuer and a top fifteen U.S. merchant acquirer. 

Our team tackles the industry’s most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow.

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Founded in 1997, Merrick Bank is an FDIC®-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

The AVP of Identity and Access Management (IAM/PAM/RBAC) is responsible for the operational execution and day-to-day management of the organization’s Identity and Access Management program. Reporting to the VP of Identity and Access, this role ensures IAM strategy is translated into effective, secure, and scalable operational practices across the enterprise. 

The AVP will serve as a hands-on technical and operational leader, partnering closely with application teams, infrastructure teams, and business stakeholders to ensure access controls are implemented consistently and in accordance with least-privilege, regulatory requirements, and organizational risk tolerance. This role requires deep technical expertise, strong execution discipline, and the ability to manage teams and complex initiatives in a regulated financial services environment.

Essential Functions: 

IAM Control Operations & Execution Leadership 

Expectation: Provide strategic and operational leadership for IAM detective control execution, ensuring consistent, high-quality control performance across teams, platforms, and business units. 

• Establish and oversee execution standards for enterprise IAM detective controls, including access certifications, role and entitlement reviews, authentication configuration assessments, access monitoring, and exception management. 

• Ensure IAM detective controls are not only operating effectively, but are designed to scale, adapt to risk, and evolve with changes in business processes, systems, and regulatory requirements. 

• Direct the prioritization, investigation, escalation, and remediation of access issues identified through detective controls, ensuring timely resolution and clear ownership across engineering, operations, and application teams. 

• Maintain executive accountability for control outcomes by tracking issues, themes, and remediation progress through closure, validating risk reduction and sustainable improvements. 

IAM Security Monitoring & Incident Leadership 

Expectation: Lead IAM security monitoring and incident support capabilities, ensuring readiness, consistency, and effective decision making during access related security events. 

• Align with VP and set expectations and direction for teams responsible for IAM and PAM logging, alerting, monitoring, and certification evidence, ensuring alignment with broader security operations practices. 

• Ensure IAM and PAM activity is consistently monitored for anomalous behavior, unauthorized access, excessive privilege usage, and indicators of compromise, with clear escalation paths and response playbooks. 

• Provide day to day leadership oversight during identity related security incidents, investigations, and penetration testing activities, ensuring effective coordination between IAM, SOC, incident response, and engineering teams. 

• Ensure IAM and PAM data is leveraged effectively to support investigations, forensic analysis, audits, and regulatory inquiries, with a focus on accuracy, timeliness, and completeness. 

IAM Process Maturity, Automation & Capability Development 

Expectation: Drive maturation of IAM control processes and capabilities through automation, standardization, and scalable operating models. 

• Align with VP and set expectations and direction and priorities for automating IAM detective control execution, reporting, and evidence collection, balancing risk reduction with operational efficiency. 

• Ensure teams actively identify and remediate manual, brittle, or spreadsheet driven processes, replacing them with sustainable workflows and platform based capabilities. 

• Partner with IAM engineering and platform leadership to improve identity data quality, entitlement clarity, metadata completeness, and overall tooling reliability. 

• Establish continuous improvement practices using metrics, root cause analysis, audit feedback, and post incident reviews to evolve IAM control effectiveness over time. 

Audit Readiness, Risk Ownership & Regulatory Engagement 

Expectation: Own audit readiness and risk outcomes for IAM detective controls, ensuring sustained compliance and defensible control posture. 

• Ensure IAM detective control operations consistently meet regulatory, policy, and enterprise risk management expectations (e.g., SOX, PCI, SOC1, SOC2, FFIEC). 

• Direct audit preparation activities across teams, including evidence delivery, control walkthroughs, documentation quality, and responsiveness to auditor inquiries. 

• Accountable for timely and effective remediation of audit findings related to IAM detective controls, ensuring root causes are addressed—not just symptoms. 

• Serve as a senior IAM risk partner to compliance, audit, and risk management teams, proactively identifying control gaps and driving corrective action plans. 

Organizational Leadership, Stakeholder Engagement & Reporting 

Expectation: Lead IAM detective control operations as an enterprise capability, aligning people, process, and technology to organizational risk and security objectives. 

• Provide leadership and direction to managers and engineers responsible for IAM control execution, monitoring, and reporting, ensuring clear accountability and performance expectations. 

• Act as the primary operational liaison between IAM, security operations, engineering, application teams, and risk stakeholders for detective control matters. 

• Deliver clear, concise, and actionable reporting on control performance, risk trends, systemic issues, and improvement initiatives to the VP of Identity and Access and senior stakeholders. 

• Represent IAM operations in governance forums, risk committees, and security leadership discussions, providing operational insight and informed recommendations. 

Education and Experience 

• Bachelor’s degree in information security, Computer Science, or a related discipline, or equivalent practical experience. 

• Experience operating and supporting enterprise IAM and PAM environments in a regulated organization. 

• Experience leading or supervising cybersecurity or IAM-focused teams. 

• Experience partnering with application and infrastructure teams to remediate access risks and implement controls. 

• A minimum of 8 years of experience in Identity and Access Management or related cybersecurity roles. 

• Hands-on experience with IAM and PAM tools such as SailPoint, Microsoft PIM, Azure AD/Entra ID, Purview, and Delinea (or similar platforms). 

• Working knowledge of scripting or automation technologies (e.g., PowerShell, Python) preferred. 

• Industry certifications such as CISSP, CISM, Security+, or IAM-specific certifications are desirable. 

• Working knowledge of regulatory and control frameworks such as SOX, SOC1, SOC2, or similar security and compliance standards. 

Summary of Qualifications 

• Strong technical understanding of IAM, RBAC, and PAM concepts with the ability to apply them in real-world environments.  

• Demonstrated ability to execute complex initiatives and manage competing operational priorities. 

• Clear and effective communicator, capable of engaging both technical teams and non-technical stakeholders. 

• Detail-oriented with strong analytical and problem-solving skills. 

• Proven experience supporting audits and regulatory reviews within financial services or similarly regulated industries. 

• Ability to lead teams through operational stress related to access outages, incidents, and audit findings. 

• Experience working closely with senior leadership to implement security strategy at scale. 

Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; Pittsburgh, PA. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.

The salary range for this position, if located in NY Metro/NY State is $162,406 to $180, 452. However, please note that the salary range will vary for other geographic areas.

#INDHP

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program 
• Benefits Package -Medical, Dental, and Vision (plus much more) 
• 401(k) Plan with Company Match 
• Short- & Long-Term Disability 
• Wellness Programs 
• Group Life and AD&D Insurance 
• Paid Vacation, Sick Days and bank Holidays 
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to age, race, color, sex, or gender identity/expression (including pregnancy, childbirth, transgender status, or sexual orientation), religion or creed, ancestry, citizenship, national origin, disability, military or veteran status, marital status, genetic information, or any other characteristic protected by applicable law.

We do not tolerate discrimination, harassment, or retaliation. Employment decisions are based solely on qualifications, merit, and business needs. Everyone is welcome here, and we hire based on your ability to do the job, not any protected characteristics.

If you need help or reasonable accommodation during the application or hiring process, please let your TA Partner know.