About Cardlytics
Remember that time you got cash back on a cup of coffee through your banking app? That was us!Cardlytics (NASDAQ: CDLX) is the industry-leading purchase intelligence and incentives platform. We are a product-driven company that cares about three things: our people, our customers, and our partners. Together, we make commerce more rewarding for everyone by helping businesses attract, understand, and incentivize consumers through their banks’ digital channels.
About the Team
The Governance, Risk, and Compliance (GRC) team is a cornerstone of our organization’s commitment to operational excellence and compliance. By managing critical risk and compliance frameworks, the team ensures adherence to regulations, strengthens internal controls, and drives collaboration across business functions to mitigate risks and maintain trust with stakeholders.
About the Position
Cardlytics is seeking a detail-oriented Senior Risk & Compliance Analyst to take ownership of key governance, risk and compliance processes, reporting to the Director, Risk & Compliance. The ideal candidate will have 2–4 years of experience, preferably with a BIG4 background, and a strong understanding of audit frameworks, risk management, and compliance processes. This role will be responsible for maintaining and enhancing foundational GRC functions, ensuring seamless execution, and supporting the organization’s compliance objectives.This is an exciting opportunity to contribute to the maturity of our GRC program while working cross-functionally to manage critical compliance tools, frameworks, and certifications.
Responsibilities:
- Represent the Risk and Compliance function and actively engages in all GRC and internal audit initiatives and additional responsibilities as required
- Own and maintain the organization’s Risk and Control Matrix (RACM), ensuring the control environment adapts as the company evolves
- Manage our AuditBoard platform, ensuring it is updated with current control documentation, findings, and certifications
- Oversee the execution of quarterly 302 certification processes, ensuring timely and accurate completion by relevant stakeholders
- Provide support to the business with ongoing improvement and innovation of audit programs, including the identification of opportunities for streamlining and automation
- Develop, update, and maintain control narratives to support compliance with regulatory and audit requirements, ensuring they align with business processes and objectives
- Manage the tracking and remediation of audit findings, collaborating with control owners and cross-functional stakeholders to resolve issues identified by SOX, SOC, and bank audits
- Lead efforts to map organizational controls to the COSO framework, ensuring robust alignment with industry best practices and standards
- Help execute a Segregation of Duties assessment as well as assist Internal Audit in identifying compensating controls for any identified SOD conflicts
- Build a comprehensive understanding of business applications and maintain active relationships across the company to facilitate audit execution
- Assist in implementing a metrics program to ensure all audits are running effectively
- Collaborate with engineering, product, legal, and other stakeholders to develop scalable, business-enabling compliance solutions
Minimum Qualifications
- Comfortable working in a fast-paced, high-growth environment and navigating ambiguity with optimism and focus.
- Bachelor’s degree in Accounting, Business, Information Systems, or a related field.
- 2–4 years of experience in GRC, audit, or compliance, preferably with a BIG4 firm.
- Strong understanding of SOX, SOC 1/2, and internal control frameworks such as COSO.
- Proficiency with GRC tools like AuditBoard or similar platforms.
- Exceptional organizational and analytical skills, with the ability to manage multiple priorities.
- Excellent verbal and written communication skills, with a proven ability to collaborate effectively across teams.
Preferred Qualifications
- Certifications such as ISO 27001 Lead Auditor/Implementer, CISA, CRISC, or CIA.
- Experience mapping controls to regulatory frameworks (e.g., COSO, COBIT)
- General knowledge of cloud technologies and platforms (e.g., AWS, Azure)
- Technical background in IT systems, software, or security controls implementation
Core Values
Our shared values are the driving force behind everything we do. Across all roles, we are looking for teammates who embody these values:
- Customer and Partner-first
- Act with Urgency and Focus
- Integrity with our partners and data
- Accountability even when challenged
- Empowerment over hierarchy
- Growth over comfort
Benefits and Perks
- Flexible paid time off plus company holidays
- Medical, dental, and vision insurance begins on your first day
- 401(k) retirement plan with company match, plan also includes a student loan debt repayment option
- Employee Stock Purchase Plan
- Educational assistance for continuing education
- Lifestyle Spending Account for physical, emotional, and financial wellness (like gym memberships, home down payments, art classes, park passes, and more!)
- Complementary Calm app subscriptions to support employee mental health and wellbeing
As an equal opportunity employer, Cardlytics is committed to diversity, equity, and inclusion. Our people bring our products and organization to life, and every unique perspective makes us better. If you can do the job and you’re excited about growing with us as we scale our best-in-class advertising platform, we’d love to hear from you. If you need accommodation in the recruiting process due to a disability, please email recruiting@cardlytics.com or inform your recruiter.
