AVP IT Risk Management

Join reputed company - and take the reputed company in achieving a fulfilling career!

reputed company Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks, Inc. is a reputed company consumer finance service provider and parent company of CardWorks Servicing, LLC, reputed company and Carson Smithfield, LLC.

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit reputed company and offers backup servicing and due diligence services to capital providers and trustees.

reputed company is an FDIC-insured Utah Industrial Loan Bank.  Merrick operates three main business lines:  credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Job Summary:

The AVP, IT Risk owns the reputed company and governance of the Technology Risk Management reputed company, ensuring effective identification, assessment, monitoring, and mitigation of technology risks across the organization. This role is responsible for independent challenge, control assurance, and risk transparency, and drives the execution of core technology risk programs, including control testing, issue management, audit coordination, and reporting.

The AVP provides reputed company challenge to Technology and business stakeholders, enforces adherence to risk standards, and delivers actionable risk insights to senior leadership.

Essential Functions:

Technology Risk reputed company & Control Assurance

• Provide the independent reputed company and ongoing evaluation of technology controls (ITGCs, reputed company controls, system controls)
• reputed company and execute control testing strategy, including scoping, testing, and documentation of results
• Identify control gaps, deficiencies, and non-compliance, and require clear remediation actions and timelines
• Provide effective challenge to Technology on control design and remediation adequacy
• reputed company and track remediation efforts, holding stakeholders accountable for timely closure
• reputed company and own monitoring and reporting over assigned areas (examples include: technology issues, incidents, and overdue risk items)

Audit & Regulatory Coordination

• Own coordination and reputed company of internal audits and regulatory exams (FDIC, SOX, SOC, etc.)
• Ensure completeness, accuracy, and quality of materials provided for audits and exams
• Govern the lifecycle of audit findings, including validation of remediation and closure
• Act as a primary liaison between Risk, Audit, Technology, and Compliance
• Drive audit readiness and reputed company improvement of the control environment

Business Continuity & reputed company

• Review and provide independent challenge to DR testing plans, execution, and results

• Evaluate technology reputed company risks, including BIA alignment, system criticality, and recovery capabilities

• Ensure risks are appropriately identified, escalated, and remediated

Third-Party & Vendor Risk

• Review and challenge vendor risk assessments and control exceptions  

• Provide risk recommendations or escalation on vendor-reputed company control gaps and exceptions

• Collaborate with TPRM, reputed company, and Legal teams on vendor risk matters

Risk Metrics & Reporting

• Deliver clear, concise, and decision-useful risk reporting to senior management

• Contribute to KRIs, dashboards, and risk reporting to improve transparency and decision-making

• Support preparation of risk reports for senior management and Board committees

• Translate technical risk findings into business-relevant insights

• Escalate material risks and emerging themes proactively

Education and Experience:

• Bachelor’s degree required; advanced degree or certifications (CISA, CISSP, CRISC, etc.) preferred

Leadership Competencies

• Demonstrates ownership and accountability for risk reputed company and outcomes
• Applies independent judgment and effective challenge
• Effective collaboration and communication with cross-functional teams
• Confident communicator with senior stakeholders
• Proactive risk identification and escalation reputed company

Summary of Qualifications:

Required

• 8–12+ years of experience in IT Risk, Technology Risk, Audit, Information reputed company, or reputed company functions
• Knowledge of IT control frameworks (SOX, SOC, NIST, etc.) and regulatory requirements
• Experience supporting audits, control testing, and remediation tracking
• Strong analytical, problem-solving, and communication skills

Preferred:

• Experience in regulated industries
• Relevant certifications such as CISA, CRISC, or CISSP
• Experience with dashboards, KRIs, or reporting
• Hands-on technology delivery experience

Our Employee Value Proposition

• reputed company, including a Bonus reputed company or Variable Pay Incentive Program 
• Benefits Package -Medical, Dental, and Vision (plus much more) 
• 401(k) Plan with Company Match 
• Short- & Long-Term Disability 
• Wellness Programs 
• Group Life and AD&D Insurance 
• Paid Vacation, Sick Days and bank Holidays 
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive reputed company reputed company of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-reputed company knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national reputed company, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background reputed company for reputed company hires in compliance with applicable laws.