Vice President, Enterprise Risk Management

About the role

Merrick Bank: The bank that builds CardWorks Servicing: One partner, total performance Carson Smithfield: Resolution with respect With nearly 40 years of operating history, our track record is solid: disciplined in downturns and built to accelerate in recovery. The CardWorks Financial Group companies take precise approach in complex markets, as a top three non-prime focused general purpose card issuer and a top fifteen U.S. merchant acquirer. Our team tackles the industry's most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow. CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees. Founded in 1997, Merrick Bank is an FDIC®-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management. Position Summary: The Vice President, Enterprise Risk Management is responsible for providing strategic leadership, oversight, and continuous enhancement of Merrick Bank's ("Bank") Enterprise Risk Management ("ERM") Program, including the comprehensive oversight of the Third‑Party Risk Management ("TPRM") Program. This role leads a team responsible for ensuring enterprise‑wide risks-including those arising from third‑party relationships-are effectively identified, assessed, monitored, and reported in alignment with regulatory requirements, industry best practices, and the Bank's risk appetite. This role requires strategic cross-functional collaboration and executive-level influence to ensure effective risk governance across the enterprise. Essential Functions: Leads the design, execution, and ongoing enhancement of the Enterprise Risk Management (ERM) framework, ensuring enterprise‑wide consistency in risk identification, assessment, monitoring, and reporting. Provides strategic oversight of the Third‑Party Risk Management (TPRM) program, including governance across the full third‑party lifecycle, in alignment with regulatory guidance and the Bank's risk appetite. Works across the first and second lines of defense to deliver clear, actionable enterprise and third‑party risk insights to senior management, risk committees, and the Board. Oversees enterprise risk assessments, risk appetite monitoring, key risk indicators (KRIs), and risk profile reporting, ensuring alignment with internal governance standards and regulatory expectations. Aggregates and synthesizes risk information from multiple sources to identify emerging risks, trends, control gaps, and remediation status. Serves as a trusted enterprise and third‑party risk advisor to executive leadership and governance forums, providing independent challenge and risk perspective. Collaborates closely with Compliance, Credit Risk, Information Security, Legal, Vendor Management, and business leadership to strengthen risk governance, data quality, and risk mitigation outcomes. Leads, develops, and mentors high‑performing ERM and TPRM teams, promoting strong risk culture, accountability, and continuous improvement. Maintains and continuously improves the GRC system of record-including governance, data quality, workflows, and reporting-to ensure reliable risk, issue, and third‑party records and reduce manual workarounds. Delivers executive, committee, and Board‑level risk reporting, including dashboards and risk insights that support informed decision‑making and effective oversight. Maintains and enhances risk management policies, standards, reporting tools, and GRC platforms to improve efficiency, transparency, and regulatory alignment. Performs other duties as assigned Compliance with Laws & Regulations: Responsible for complying with all of the Bank's internal control policies and procedures.