CardWorks, Inc.
Lead Identity & Access Management
🇺🇸Woodbury, Minnesota, United StatesRemote available15 days ago
$155K – $172KSeniorFull Time
Join our team - and take the next step in achieving a fulfilling career!
What We Do
At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.
Who We Are
CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary:
The Identity and Access Management (IAM) Lead Engineer will work in the Merrick Bank and CardWorks security team. They will responsible for day-to-day activities regarding identity and access creation, risk-based access control, attribute-based access control, role-based access control, privileged access management, access modifications, and access terminations. They will be the primary contact for support of tools within the information security team from an IAM perspective.
The IAM Lead Engineer will design solutions, engineer integrations, set up processes, provide reporting, instruct other teams on said processes and integrations, and manage tools and data.
They implement, operate, monitor, and improve information security processes and systems that protect the companies’ data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism.
Essential Functions:
Privileged Access Management (PAM) Tool Ownership & Administration
Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability.
Administer access to the PAM platforms, including onboarding users, roles, and entitlements within the tools
Configure privileged access workflows, credential vaulting, rotation, session controls, and integrations
Monitor PAM system performance, availability, errors, and audit logs
Troubleshoot and remediate PAM‑related issues affecting access, automation, or integrations
Partner with business and infrastructure teams to onboard new privileged use cases into PAM
IAM Platform Support & Engineering Enablement
Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability.
Be the day to day technology owner of identity governance, lifecycle, and authentication platforms by leading:
Troubleshooting
Integration validation
Operational execution
Execute IAM tasks according to established processes and approvals
Lead application and service integrations with IAM tooling
Utilize scripting, APIs, and automation to improve IAM operational efficiency
Assist with configuration changes and platform enhancements under established governance
Detective IAM Controls & Security Operations Support
Expectation: Actively supports monitoring, investigation, and response activities related to IAM security signals.
Support detective IAM controls, including logging, alerting, and access review evidence collection
Configure and monitor IAM and PAM log activity for anomalous or unauthorized behavior
Lead identity‑related investigations, incidents, and penetration testing efforts
Gather and analyze IAM and PAM data for audits, incident response, and forensic activities
Collaborate with security teams during access‑related security events to assess impact and remediate issues
Collaboration, Documentation & Continuous Improvement
Expectation: Operates as a dependable engineering partner who improves IAM services through execution and feedback.
Collaborate with application, infrastructure, and security teams and drive projects to implement standardized IAM and PAM practices
Provide IAM and PAM design input as part of discussions based on operational experience
Document configurations, procedures, troubleshooting steps, and known issues
Create and disseminate operational metrics, observations, and improvement recommendations
Identify recurring issues and propose pragmatic improvements to tooling or processes
Education and Experience
8+ years of experience in Identity & Access Management, Information Security, Cybersecurity Engineering
Hands‑on experience architecting and engineering IAM solutions in large, complex environments.
Technical knowledge of IAM concepts including authentication, authorization, federation, directory services, identity lifecycle, access governance, and privileged access.
Strong experience with at least several of the following technologies/tools:
Delinea / Thycotic / Centrify
Azure AD / Entra ID
Active Directory, Group Policy, Kerberos, LDAP, Windows Server
SSO, SAML, OAuth, OIDC
Automation/Scripting: PowerShell, Python
Experience with the following preferred but not required:
SailPoint Identity Security Cloud (ISC)
Microsoft Identity Products (MIM PAM, PIM, etc.)
Experience working in regulated industries preferred (financial services, healthcare, etc.).
Bachelor’s degree in Computer Science, Information Systems, or related field preferred.
Preferred certifications: CISSP, CISM, Microsoft Identity certifications, or vendor certifications (SailPoint, Delinea).
Summary of Qualifications
Ability to support integrations into Delinea, SailPoint, and Azure AD/Entra ID with a strong skill set for API development and integration.
Ability to analyze, interpret, and correct data inconsistencies, errors, gaps, and inaccuracies for impact.
Strong understanding of IAM principles, including details for least privileged, joiner, mover, and leaver operations.
Strong understanding of workflows from systems of record through many different layers of IAM to application use.
Strong understanding of Azure AD, including lifecycle management for all account types.
Strong knowledge of AWS.
Knowledge of client-server applications, multi-tier web applications, relational databases, and cloud IAM and security tools.
Strong understanding of SSO, OAuth, OpenID, and SAML.
Experience with Workday integrations.
Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; Pittsburgh, PA. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.
The salary range for this position, if located in NY Metro/NY State is $154,564 to $171,738. However, please note that the salary range will vary for other geographic areas.
#INDHP
Our Employee Value Proposition
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.
