The Identity and Access Management Lead Engineer will work in the Merrick Bank and CardWorks security team, responsible for day-to-day activities regarding identity and access creation. The role involves designing solutions, engineering integrations, and managing tools and data to protect the companies' data, customers, and computer systems. The ideal candidate will have 8+ years of experience in Identity & Access Management, Information Security, or Cybersecurity Engineering.
Key Highlights
Key Responsibilities
Technical Skills Required
Benefits & Perks
Nice to Have
Job Description
Become an everyday champion โ and build a career where your impact fuels financial progress.
What We Do
CardWorks Financial Group is a diversified financial services platform building ethical solutions across credit, lending, and the full customer lifecycle. Through our family of companies, CardWorks Financial Group tackles the complex challenges that larger financial institutions leave behind. Weโre embedded throughout the credit card ecosystem as a lender, servicer, and merchant acquirer.
Who We Are
- Merrick Bank: The bank that builds
- CardWorks Servicing: One partner, total performance
- Carson Smithfield: Resolution with respect
Our team tackles the industryโs most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans.โฏ We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Founded in 1997, Merrick Bank is an FDICยฎ-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary
The Identity and Access Management (IAM) Lead Engineer will work in the Merrick Bank and CardWorks security team. They will responsible for day-to-day activities regarding identity and access creation, risk-based access control, attribute-based access control, role-based access control, privileged access management, access modifications, and access terminations. They will be the primary contact for support of tools within the information security team from an IAM perspective.
The IAM Lead Engineer will design solutions, engineer integrations, set up processes, provide reporting, instruct other teams on said processes and integrations, and manage tools and data.
They implement, operate, monitor, and improve information security processes and systems that protect the companiesโ data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism.
Essential Functions
Privileged Access Management (PAM) Tool Ownership & Administration
Expectation: Serves as the primary engineer responsible for the PAM platformโs daily function, configuration, and reliability.
- Administer access to the PAM platforms, including onboarding users, roles, and entitlements within the tools
- Configure privileged access workflows, credential vaulting, rotation, session controls, and integrations
- Monitor PAM system performance, availability, errors, and audit logs
- Troubleshoot and remediate PAMโrelated issues affecting access, automation, or integrations
- Partner with business and infrastructure teams to onboard new privileged use cases into PAM
Expectation: Serves as the primary engineer responsible for the PAM platformโs daily function, configuration, and reliability.
- Be the day to day technology owner of identity governance, lifecycle, and authentication platforms by leading:
- Troubleshooting
- Integration validation
- Operational execution
- Execute IAM tasks according to established processes and approvals
- Lead application and service integrations with IAM tooling
- Utilize scripting, APIs, and automation to improve IAM operational efficiency
- Assist with configuration changes and platform enhancements under established governance
Interested in remote work opportunities in IT & Network Engineering? Discover IT & Network Engineering Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
Expectation: Actively supports monitoring, investigation, and response activities related to IAM security signals.
- Support detective IAM controls, including logging, alerting, and access review evidence collection
- Configure and monitor IAM and PAM log activity for anomalous or unauthorized behavior
- Lead identityโrelated investigations, incidents, and penetration testing efforts
- Gather and analyze IAM and PAM data for audits, incident response, and forensic activities
- Collaborate with security teams during accessโrelated security events to assess impact and remediate issues
Expectation: Operates as a dependable engineering partner who improves IAM services through execution and feedback.
- Collaborate with application, infrastructure, and security teams and drive projects to implement standardized IAM and PAM practices
- Provide IAM and PAM design input as part of discussions based on operational experience
- Document configurations, procedures, troubleshooting steps, and known issues
- Create and disseminate operational metrics, observations, and improvement recommendations
- Identify recurring issues and propose pragmatic improvements to tooling or processes
- 8+ years of experience in Identity & Access Management, Information Security, Cybersecurity Engineering
- Handsโon experience architecting and engineering IAM solutions in large, complex environments.
- Technical knowledge of IAM concepts including authentication, authorization, federation, directory services, identity lifecycle, access governance, and privileged access.
- Strong experience with at least several of the following technologies/tools:
- Delinea / Thycotic / Centrify
- Azure AD / Entra ID
- Active Directory, Group Policy, Kerberos, LDAP, Windows Server
- SSO, SAML, OAuth, OIDC
- Automation/Scripting: PowerShell, Python
- Experience with the following preferred but not required:
- SailPoint Identity Security Cloud (ISC)
- Microsoft Identity Products (MIM PAM, PIM, etc.)
- Experience working in regulated industries preferred (financial services, healthcare, etc.).
- Bachelorโs degree in Computer Science, Information Systems, or related field preferred.
- Preferred certifications: CISSP, CISM, Microsoft Identity certifications, or vendor certifications (SailPoint, Delinea).
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
- Ability to support integrations into Delinea, SailPoint, and Azure AD/Entra ID with a strong skill set for API development and integration.
- Ability to analyze, interpret, and correct data inconsistencies, errors, gaps, and inaccuracies for impact.
- Strong understanding of IAM principles, including details for least privileged, joiner, mover, and leaver operations.
- Strong understanding of workflows from systems of record through many different layers of IAM to application use.
- Strong understanding of Azure AD, including lifecycle management for all account types.
- Strong knowledge of AWS.
- Knowledge of client-server applications, multi-tier web applications, relational databases, and cloud IAM and security tools.
- Strong understanding of SSO, OAuth, OpenID, and SAML.
- Experience with Workday integrations.
The salary range for this position, if located in NY Metro/NY State is $154,564 to $171,738. However, please note that the salary range will vary for other geographic areas.
#INDHP
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package -Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We are proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to age, race, color, sex, or gender identity/expression (including pregnancy, childbirth, transgender status, or sexual orientation), religion or creed, ancestry, citizenship, national origin, disability, military or veteran status, marital status, genetic information, or any other characteristic protected by applicable law.
We do not tolerate discrimination, harassment, or retaliation. Employment decisions are based solely on qualifications, merit, and business needs. Everyone is welcome here, and we hire based on your ability to do the job, not any protected characteristics.
If you need help or reasonable accommodation during the application or hiring process, please let your TA Partner know.
Similar Jobs
Explore other opportunities that match your interests