Senior IT Risk Analyst

About CardWorks

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.

Position Summary

The Senior Analyst, IT Risk is responsible for supporting and enhancing the organization’s technology risk management, audit coordination, and IT control framework. This role partners closely with Internal Audit, Compliance, Technology, and business stakeholders to ensure regulatory readiness, effective control operation, and timely remediation of findings. The ideal candidate has a strong understanding of technology risks, audit processes, IT general controls, and information security principles.

Essential Functions

Audit & Regulatory Coordination

• Coordinate audit preparation activities—including scheduling, evidence collection, and stakeholder communication—for internal audits and regulatory examinations (e.g., FDIC, SOX, SOC, and other technology-focused reviews).
• Serve as the primary liaison between Internal Audit, IT, and Compliance teams to ensure timely and accurate responses to audit inquiries.
• Oversee and track remediation activities; validate completion and effectiveness of corrective actions for technology-related audit findings.
• Participate in readiness assessments and pre-audit walkthroughs to identify issues before formal reviews begin.

Technology Risk Assessment & Control Evaluation

• Conduct comprehensive Technology Risk Assessments, identifying inherent and residual risks across infrastructure, applications, security, and cloud environments.
• Evaluate the design and operating effectiveness of technology controls, including IT General Controls (ITGCs), logical access, change management, operations, and security controls.
• Perform independent control testing to verify compliance with policies, standards, and regulatory requirements.
• Advise IT leadership on control gaps, deficiencies, risks, and recommended remediation strategies.

Governance, Risk, and Compliance (GRC) Support

• Provide risk insights for new initiatives, technology implementations, cloud migrations, and major IT projects.
• Support enhancements to the IT risk management framework, control library, and GRC tooling.
• Monitor emerging technology risks and collaborate with stakeholders to develop mitigating controls.
• Contribute to the development and maintenance of IT policies, standards, and procedures.

Required Qualifications

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field (or equivalent experience).
• 5-10+ years of experience in IT risk, audit, information security, or technology governance.
• Strong knowledge of IT controls frameworks (e.g., COBIT, NIST, ISO 27001) and regulatory requirements (SOX, FFIEC, SOC, etc.).
• Experience working with audit functions and responding to regulatory reviews.
• Ability to analyze control gaps and articulate risks clearly to technical and non-technical stakeholders.

Preferred Qualifications

• Professional certifications such as CISA, CRISC, CISSP, CIA, or similar.
• Experience with GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream).
• Familiarity with cloud technologies (AWS, Azure, GCP) and related risk assessments.
• Prior first line Technology experience.

Summary Of Qualifications

• Strong analytical and problem-solving skills
• Excellent communication and documentation abilities
• Detail-oriented with strong organizational skills
• Ability to manage multiple concurrent audits and priorities
• Collaborative mindset with the ability to work across IT, audit, and compliance functions
• Occasional travel may be required

Location and Compensation

Ideally, the qualified candidate will work at the following location: Woodbury, NY. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.

The salary range for this position, if located in NY Metro/NY State is $122,309 to $135,899. However, please note that the salary range will vary for other geographic areas.

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
• Benefits Package - Medical, Dental, and Vision (plus much more)
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.

Key skills/competency

• IT Risk Management
• Audit Coordination
• IT Control Frameworks
• Information Security
• Regulatory Compliance
• Risk Assessment
• GRC
• SOX
• NIST
• COBIT