×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Business Analyst IT Consultant Data Security

Sr. IT Risk Analyst

Job in New York, New York County, New York, 10261, USA
Listing for: CardWorks
Full Time position
Listed on 2026-01-26
Job specializations:
  • IT/Tech
    Cybersecurity, IT Business Analyst, IT Consultant, Data Security
Job Description & How to Apply Below
Location: New York

Overview

Join our team - and take the next step in achieving a fulfilling career!

What We Do
At Card Works, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are
Card Works, Inc. is a diversified consumer finance service provider and parent company of Card Works Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. Card Works Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary

The Sr. IT Risk Analyst is responsible for supporting and enhancing the organization’s technology risk management, audit coordination, and IT control framework. This role partners closely with Internal Audit, Compliance, Technology, and business stakeholders to ensure regulatory readiness, effective control operation, and timely remediation of findings. The ideal candidate has a strong understanding of technology risks, audit processes, IT general controls, and information security principles.

Responsibilities
  • Audit & Regulatory Coordination:
    Coordinate audit preparation activities—including scheduling, evidence collection, and stakeholder communication—for internal audits and regulatory examinations (e.g., FDIC, SOX, SOC, and other technology-focused reviews).
  • Audit coordination:
    Serve as the primary liaison between Internal Audit, IT, and Compliance teams to ensure timely and accurate responses to audit inquiries.
  • Remediation tracking:
    Oversee and track remediation activities; validate completion and effectiveness of corrective actions for technology-related audit findings.
  • Pre-audit readiness:
    Participate in readiness assessments and pre-audit walkthroughs to identify issues before formal reviews begin.
  • Technology Risk Assessment & Control Evaluation:
    Conduct comprehensive Technology Risk Assessments, identifying inherent and residual risks across infrastructure, applications, security, and cloud environments.
  • Control evaluation:
    Evaluate the design and operating effectiveness of technology controls, including IT General Controls (ITGCs), logical access, change management, operations, and security controls.
  • Testing & compliance:
    Perform independent control testing to verify compliance with policies, standards, and regulatory requirements.
  • Advisory:
    Advise IT leadership on control gaps, deficiencies, risks, and recommended remediation strategies.
  • GRC Support:
    Provide risk insights for new initiatives, technology implementations, cloud migrations, and major IT projects.
  • Framework enhancements:
    Support enhancements to the IT risk management framework, control library, and GRC tooling.
  • Risk monitoring:
    Monitor emerging technology risks and collaborate with stakeholders to develop mitigating controls.
  • Policy development:
    Contribute to the development and maintenance of IT policies, standards, and procedures.
Qualifications

Required

  • Bachelor’s degree in information technology, Cybersecurity, Risk Management, or related field (or equivalent experience).
  • 5-10+ years of experience in IT risk, audit, information security, or technology governance.
  • Strong knowledge of IT controls frameworks (e.g., COBIT, NIST, ISO 27001) and regulatory requirements (SOX, FFIEC, SOC, etc.).
  • Experience working with audit functions and responding to regulatory reviews.
  • Ability to analyze control gaps and articulate risks clearly to technical and non-technical stakeholders.
  • Professional certifications such as CISA, CRISC, CISSP, CIA, or similar.
  • Experience with GRC platforms (e.g., Archer, Service Now GRC, Metric Stream).
  • Familiarity…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search