Director, Enterprise Risk Management

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.

CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Business Unit: Enterprise Risk Management

Department: Enterprise Risk Management

Job: Director

Title: Director, Enterprise Risk Management

Job Level: Director

FLSA Status: Exempt

EEO Category

Position Summary

The Director of Enterprise Risk Management (“ERM”) is responsible for leading the functional oversight, execution, and continuous enhancement of the Enterprise Risk Management program across Merrick Bank (“Bank”). This role partners closely with senior management and key stakeholders across the first and second lines of defense to ensure enterprise risks are identified, measured, monitored, and reported in a consistent and effective manner.

Essential Functions

• Provides functional leadership and oversight of the Enterprise Risk Management program across Merrick Bank and its Parent Company, CardWorks, ensuring consistent risk identification, assessment, monitoring, and reporting practices enterprise-wide.
• Works across the three lines of defense to manage the enterprise risk reporting framework, including the design, preparation, review, and enhancement of risk dashboards, metrics, trend analyses, and executive summaries for Senior Management, Risk Committees, and the Board of Directors.
• Aggregates risk information from multiple sources (e.g., risk appetite/tolerance monitoring, risk assessments, and issue management) to produce clear, concise, and actionable enterprise‑level risk reporting.
• Oversees the development and ongoing maintenance of enterprise risk profiles, risk appetite reporting, and key risk indicators (KRIs), ensuring alignment with internal governance standards and regulatory expectations.
• Monitors and reports on risk issues, control gaps, and remediation activities, including tracking status, identifying trends, and escalating concerns to ERM leadership as appropriate.
• Partners with first‑line business units and other second‑line functions (e.g., Compliance, Credit Risk, Information Security, Third‑Party Risk) to enhance the quality, consistency, and usability of risk data and reporting outputs.
• Supports the preparation of materials for enterprise risk governance forums, including management risk committees and Board or Board Committee meetings, and assists in presenting risk information to senior stakeholders.
• Drives continuous improvement of ERM reporting tools, templates, and processes, including leveraging systems of record and data analytics to improve efficiency, accuracy, and insight.
• Maintains related policies, standards, and procedures to ensure continued applicability and completeness.
• Performs other duties as assigned.

Compliance with Laws & Regulations

• Responsible for complying with all of the Bank’s internal control policies and procedures.
• Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
• Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

Education and Experience

• Bachelor’s degree in Risk Management, Finance, Business Administration, Accounting, or a related field required; advanced degree or professional certification (e.g., CRMA, FRM, CPA, CIA) preferred.
• Minimum of 6–8 years of progressive experience in Enterprise Risk Management, Operational Risk, or a related risk discipline within a financial services or regulated environment, with demonstrated leadership responsibility.

Summary of Qualifications

• Strong expertise in enterprise risk reporting, including development of executive and Board‑level materials, risk dashboards, metrics, and written risk summaries.
• Demonstrated experience aggregating and synthesizing complex risk information into clear, concise, and decision‑useful reporting for senior management and Boards.
• Solid understanding of ERM frameworks, risk governance practices, and regulatory expectations applicable to banking and financial services organizations.
• Proven ability to work cross‑functionally, influence stakeholders, and partner effectively with both first and second‑line teams.
• Excellent written and verbal communication skills, with a strong attention to detail and the ability to translate technical risk concepts into business‑focused insights.
• Experience with ERM systems and risk data repositories (e.g., risk assessment tools, issue management systems, reporting platforms) strongly preferred.

Work Environment/Physical Demands: Light

The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

This is largely a sedentary role; however, some filing is required. This would require the ability to lift files, open filing cabinets and bend or stand on a stool as necessary.

Security Responsibilities - General

This classification requires heightened security awareness to safeguard the Bank's data, including customer non-public personal information. This security level means that the job includes exposure to all categories of Bank data, including customer non-public personal information.

General Disclosure

The above statements reflect the general information considered necessary to describe the principal functions of the job and should not be considered as a detailed description of all work requirements that may be inherent to the position. In addition, the incumbent may be called upon to personally handle projects or assignments not usually related to the position’s day-to-day activities. Understand and comply with laws and regulations that are applicable to my job function. Understand and comply with company policies and procedures that are applicable to my job function.

Our Employee Value Proposition

• Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
• Benefits Package -Medical, Dental, and Vision (plus much more)
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable laws.