Manager Identity & Access Management

The IAM Manager is responsible for the day-to-day leadership, execution, and continuous improvement of identity and access management (IAM) detective controls and supporting automation. This role leads a technical team that operates access monitoring, certifications, reconciliations, and alerting capabilities that detect unauthorized or inappropriate access across the enterprise.

The manager ensures IAM detective controls operate effectively, consistently, and in compliance with internal security standards and regulatory expectations. This role partners closely with IAM engineering, cybersecurity operations, risk management, internal audit, and application teams to mature controls through automation, improved data quality, and scalable processes.

The ideal candidate combines people leadership, operational discipline, and technical understanding of IAM controls, with a strong focus on reducing manual effort, improving detection capabilities, and maintaining audit readiness.

Essential Functions:

Leadership & Operational Management

Expectation: Lead the daily operations of a technical IAM controls team, ensuring consistent execution, accountability, and reliable delivery of detective access management services.

• Provide day-to-day leadership, supervision, and direction for a team responsible for IAM detective controls and automation.
• Set clear performance expectations, prioritize work, manage workload distribution, and support ongoing skill development of team members.
• Serve as the escalation point for complex operational issues, control failures, or security-relevant findings.
• Ensure consistent execution of IAM detective control processes in alignment with policies, standards, and documented procedures.

IAM Detective Control Execution

Expectation: Ensure detective IAM controls operate effectively and consistently to identify unauthorized or inappropriate access in a timely manner.

• Oversee the execution of detective access management controls, including access certifications, authentication configuration reviews, access monitoring, and exception handling.
• Ensure controls effectively detect unauthorized access, inappropriate privilege assignments, and policy violations.
• Coordinate timely investigation, escalation, and remediation of access issues identified through detective controls.
• Maintain operational ownership of control results, tracking issues through remediation and closure.

Detective IAM Controls & Security Operations Support

Expectation: Actively supports monitoring, investigation, and response activities related to IAM security signals.

• Support detective IAM controls, including logging, alerting, and access review evidence collection
• Monitor IAM and PAM activity for anomalous or unauthorized behavior
• Assist with identity-related investigations, incidents, and penetration testing efforts
• Gather and analyze IAM and PAM data for audits, incident response, and forensic activities
• Collaborate with security teams during access-related security events to assess impact and remediate issues

Automation & Process Optimization

Expectation: Drive improvements to control effectiveness, efficiency, and scalability through automation and process maturity.

• Assist with efforts to automate IAM detective control execution, reporting, and evidence collection.
• Identify opportunities to reduce manual processes, spreadsheet dependency, and point-in-time reviews through automation and workflow improvements.
• Partner with IAM engineering and platform teams to improve control data accuracy, metadata completeness, and tool reliability.
• Drive continuous improvement of control processes through standardization, automation, and operational metrics.

Compliance, Audit, & Risk Support

Expectation: Maintain audit-ready IAM detective controls that meet regulatory, risk, and internal security expectations.

• Ensure IAM detective controls align with regulatory, audit, and internal risk management requirements.
• Coordinate audit preparation activities, including evidence collection, documentation, and control walkthroughs.
• Respond to audit inquiries and remediation requests related to IAM detective controls.
• Partner with risk, compliance, and audit teams to identify control gaps and implement corrective actions.

Cross-Functional Collaboration & Reporting

Expectation: Act as the operational liaison between IAM detective control operations and key security, technology, and risk stakeholders.

• Collaborate with IAM engineering, security operations, infrastructure, and application teams to support access monitoring and control effectiveness.
• Provide regular reporting on control performance, issues, trends, and improvement initiatives to leadership and stakeholders.
• Participate in IAM governance and security forums to represent detective control operations and provide operational insights.
• Support security incident investigations and access-related risk assessments as needed.

Do you have experience in Technology management?, Do you have a Bachelor's degree?, * Bachelor's degree in Information Security, Information Technology, Computer Science, or a related discipline; or an equivalent combination of education and relevant experience.

• 6 to 8 years of progressive experience in Identity and Access Management, information security operations, or IT control functions.
• 2 or more years of experience leading or managing a technical team, including responsibility for operational delivery, performance management, and prioritization of work.
• Hands-on experience operating or overseeing IAM detective controls such as access certifications, access monitoring, reconciliations, or identity-related alerting.
• Experience supporting audit, risk, and compliance activities within a regulated industry; financial services experience preferred.
• Experience driving process maturity and automation initiatives to reduce manual effort and improve control reliability.
• Familiarity with IAM platforms, access data models, automation tools, and identity-related logging or reporting capabilities.
• Working knowledge of regulatory and control frameworks such as SOX, SOC1, SOC2, or similar security and compliance standards., * Proven ability to lead and develop technical teams in an operational security or IAM environment.
• Strong understanding of identity and access management controls, particularly detective and monitoring controls.
• Experience driving process improvement and automation to enhance control effectiveness and efficiency.
• Solid understanding of audit, risk, and compliance expectations related to IAM.
• Ability to analyze access data, interpret control results, and drive remediation efforts.
• Strong organizational skills with the ability to manage multiple priorities and deadlines.
• Effective communicator capable of working with technical teams, auditors, and non-technical stakeholders.
• Demonstrated commitment to operational excellence, continuous improvement, and secure access practices.

Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; South Jordan, UT. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.

The salary range for this position, if located in NY Metro/NY State is $138,045 to $153,384. However, please note that the salary range will vary for other geographic areas.

Pulled from the full job description

• AD&D insurance
• Health insurance
• 401(k) matching
• Vision insurance
• Dental insurance
• Disability insurance
• Paid holidays, * Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
• Benefits Package -Medical, Dental, and Vision (plus much more)
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.

CardWorks Financial Group is a diversified financial services platform building ethical solutions across credit, lending, and the full customer lifecycle. Through our family of companies, CardWorks Financial Group tackles the complex challenges that larger financial institutions leave behind. We're embedded throughout the credit card ecosystem as a lender, servicer, and merchant acquirer. Who We Are * Merrick Bank: The bank that builds * CardWorks Servicing: One partner, total performance * Carson Smithfield: Resolution with respect With nearly 40 years of operating history, our track record is solid: disciplined in downturns and built to accelerate in recovery. The CardWorks Financial Group companies take precise approach in complex markets, as a top three non-prime focused general purpose card issuer and a top fifteen U.S. merchant acquirer. Our team tackles the industry's most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Founded in 1997, Merrick Bank is an FDIC®-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.