Join our team - and take the next step in achieving a fulfilling career!
What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.
Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
The Enterprise Risk Management (“ERM”) team is responsible for implementing the risk governance program, risk oversight, and to provide an independent view of risks faced by CardWorks, its clients and their customers.
The Third-Party Senior Risk Analyst supports the overall direction of Third-Party Risk Management (“TPRM”) activities by identifying and assessing potential risks with current and potential third parties.
Essential Functions:
Manage and support the Company’s third-party risk strategy by ensuring risk assessments, due diligence, and ongoing monitoring is conducted according to the Third-Party Risk Management policy and any gaps are accurately identified and remediated.
Performs initial risk triage for high-risk service providers and performs assessment of service providers’ information security programs and controls as it relates to the Company’s requirements.
Validates elements of the Third-Party Risk Assessment, working with service providers and business relationship owners to ensure data is complete, accurate and approved timely.
Manage the oversight/ coordination of third-party risk management and the respective oversight and performance assessments.
Work with the Business Relationship Owners throughout the organization for current and potential third parties to obtain necessary information for risk assessments (financials, audit reports, questionnaires, policies, etc.).
Assess, in writing, key risks that may arise from the Company’s outsourced activities and options for controlling these risks.
Prepares TPRM reporting for management and committees, including board of directors.
Identifies, prioritizes and pursues opportunities to enhance the Company’s third party risk management processes and propose innovative solutions to optimize program effectiveness.
Manage TPRM’s system of record, RSA Archer, and provides recommendations on how to maximize the systems efficiency and user experience.
Adjust processes to adhere to changes in the regulatory environment.
Oversee and maintain operational procedures for TPRM processes.
Escalate suspected violations of law, regulations or non-compliance to Company policies.
Drives TPRM training across the First Line of Defense to ensure roles and responsibilities across key stakeholders are clearly understood.
Reviews and approves certain due diligence assessments as needed.
Perform other duties as assigned by the Director, Third-Party Risk Management
Education and Experience:
Bachelor’s degree in a business-related field required; or six (6) years of related work experience accepted in lieu of education
Seven (7) years of related experience in Third-Party Risk Management, experience in Information Security Assessments preferred
Additional experience with risk, audit or internal control monitoring experience preferred.
Summary of Qualifications:
Must possess strong analytical skills, system skills, and writing/ communication skills
GRC (Governance, Risk and Compliance) system experience preferable (RSA Archer experience a plus)
Experience with Microsoft applications (Excel, Word, PowerPoint, and Visio)
Industry experience and general knowledge of third-party risk management
Demonstrate an ability to establish and maintain effective working relationships at all levels within the organization
Effective planning, time management, attention to detail, customer service and problem-solving skills.
Ability to work effectively under pressure. Skilled at handling a variety of assignments simultaneously. Flexibility and willingness to work at a rapid pace under strict time frames.
Certifications in Third-Party Risk Assessment (CRVPM, CTPRP, CISM) preferred
The salary range for this position, if located in NY Metro/NY State is $103,000 to $115,000 a year. However, please note that the salary range will vary for other geographic areas.
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package -Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable.
