Director, Security Risk Management

Job in Orlando, Orange County, Florida, 32885, USA
Listing for: CardWorks, Inc.
Full Time position
Listed on 2026-06-04
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 120000 - 160000 USD Yearly
Job Description & How to Apply Below
Join our team - and take the next step in achieving a fulfilling career!

What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.

CardWorks Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank.  Merrick operates three main business lines:  credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

The Information Security Risk Management Director is responsible for leading the design, implementation, and oversight of the organization’s information security risk management and vendor security assessment programs. This is a hands-on leadership role that develops and ensures that cyber risk identification, assessment, mitigation, and reporting activities are consistently executed and centrally managed within the organization’s risk management framework and tools.

The Director oversees and performs information security risk assessments across internal systems, business processes, third-party vendors, and enterprise projects to ensure risks are effectively identified, rated, and managed in alignment with Enterprise Risk Management practices and regulatory frameworks such as the Cyber Risk Institute (CRI) Profile, NIST Cybersecurity Framework (CSF), and PCI DSS. By integrating security risk management practices with business and technology initiatives, the Director drives informed decision-making, strengthens the organization’s security posture, enhances compliance with policies and standards, and promotes a culture of proactive security risk management across the enterprise.

Essential Functions:

Leadership and Program Oversight
* Lead, mature, and operationalize the organization’s information security risk management and vendor security assessment programs.
* Provide strategic and hands-on leadership for a small team and/or third-party resources responsible for executing assessments, managing risk registers, and maintaining program processes.
* Develop and maintain consistent methodologies, templates, and workflows for risk assessments and vendor reviews.
* Partner with Enterprise Risk Management to ensure cybersecurity risks are integrated into enterprise risk registers, prioritized appropriately, and aligned with enterprise issue management and escalation processes.

Risk Assessment and Governance
* Oversee and perform security risk assessments for applications, infrastructure, and business processes to identify threats, vulnerabilities, control weaknesses, and business impacts.
* Mature risk scoring methodologies to prioritize risks based on likelihood and business impact.
* Identify opportunities to streamline assessment workflows, automate evidence collection, and enhance tool integration across GRC, IT, and security systems.

Vendor and Third-Party Security Risk
* Lead vendor security reviews, evaluating SOC 2 reports, ISO 27001 certifications, PCI AOCs, and penetration test results to assess vendor control maturity.
* Collaborate with Procurement, Legal, and Third-Party Risk Management (TPRM) teams to embed security requirements into contracts, onboarding, and ongoing vendor oversight.
* Track and manage vendor-related security issues, ensuring timely remediation, escalation, and closure consistent with SLAs and enterprise issue management processes.
* Develop and maintain vendor risk dashboards and KRIs to provide visibility into supply-chain risk exposure and…