Enterprise Risk Management (Third-Party Risk), Vice President

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.  We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank.  Merrick operates three main business lines:  credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

The Vice President, Enterprise Risk Management (Third-Party Risk) will oversee and advance the Company’s Third-Party Risk Management (TPRM) Program in alignment with evolving regulatory requirements, industry best practices, and internal risk appetite.  This executive will lead a team responsible for identifying, assessing, monitoring, and mitigating risks associated with third-party relationships, including vendors, affiliates, service providers, and outsourcing partners.  This role requires strategic cross-functional collaboration and executive-level influence to ensure effective risk governance across the enterprise.

This position offers hybrid or remote work arrangements for qualified candidates.

Essential Functions:

• Lead the strategic direction and execution of the Third-Party Risk Management Program
• Design, maintain, and continuously enhance a robust third-party risk management framework aligned with regulatory guidance including FFIEC, FDIC, CFPB, ISO 27001, and NIST standards
• Ensure compliance with applicable laws and regulations for third-party risk including GLBA, FDICIA, SOX, and GDPR
• Serve as the primary subject-matter expert on third-party risk, providing guidance to executive leadership and governing committees
• Oversee a portfolio of third-party relationships and collaborating with key stakeholders to identify, mitigate, and report risks
• Lead the execution of third-party risk assessments, due diligence, and ongoing monitoring activities
• Collaborate with Legal, Procurement, IT Security, and business stakeholders to ensure effective control implementation and risk mitigation
• Build, lead and develop a high-performing TPRM team, fostering a culture of excellence and ownership
• Oversee and optimize TPRM tools and platforms, including the integration with Governance, Risk, and Control (GRC) systems
• Deliver executive-level reporting, risk dashboards, and board/committee presentations on third-party risk exposure and trends
• Establish and maintain policies and procedures that govern the TPRM lifecycle, from onboarding through termination

Compliance with Laws & Regulations: 

• Responsible for complying with all of the Bank’s internal control policies and procedures
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts

Education and Experience:

• Bachelor’s degree required; Master’s degree in business, finance, or risk-related field preferred
• Minimum 15 years or progressive experience in risk management, compliance, or procurement
• At least 5-10 years of focused experience in third-party risk within financial services or a similarly regulated environment
• GRC technology and tools experience preferred

Summary of Qualifications:

• In-depth knowledge of third-party risk regulatory requirements and industry standards, including full TPRM lifecycle
• Proven success in developing, implementing, and scaling third-party risk frameworks
• Demonstrated leadership in enterprise risk or third-party risk programs with executive-level visibility
• Ability to lead cross-functional teams, drive consensus, and engage stakeholders in complex organizational settings
• Strong analytical and problem-solving capabilities with a strategic mindset and attention to detail
• Excellent communication skills—­written, verbal, and interpersonal— with the ability to influence at all levels
• Experience with GRC platforms and TPRM tools preferred
• Professional certifications (e.g. CTPRA, CRVPM, CTPRP, CISM, CRISC) or equivalent are highly desirable

The salary range for this position is $175,000 to $195,000 annually. However, please note that the salary range will vary for other geographic areas.

#INDHP1

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program 
• Benefits Package -Medical, Dental, and Vision (plus much more) 
• 401(k) Plan with Company Match 
• Short- & Long-Term Disability 
• Wellness Programs 
• Group Life and AD&D Insurance 
• Paid Vacation, Sick Days and bank Holidays 
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic.  We will conduct a thorough background check for all hires in compliance with applicable.