SOx IT Specialist
Job Summary
About Us
Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America, and this is still just the beginning of the purple future we're building.
Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence and an efficient operating model to deliver financial products that are simple, accessible and human.
Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company's Most Innovative Companies and Forbes World's Best Bank. Visit our institutional page https://
the team
Be part of the SOx Team, contributing to continuous improvements in the IT General Controls (ITGC), Automated and IT-dependent controls environment at Nubank. The team ensures compliance with SOx requirements and international frameworks (e.g. COSO, COBIT, PCAOB standards), partnering with Engineering, Information Security, IAM, Platform, Data, Controllership, Finance and Product squads to guarantee that technology processes and components supporting financial reporting are properly designed, operated and evidenced.
We act as 2nd Line of Defense for SOx, challenging and supporting 1LoD teams in the correct and efficient execution of internal controls, in line with Nubank's Internal Controls and SOx IT Methodology.
About the role
As a SOx IT Specialist, you will be a senior individual contributor and subject-matter expert for IT controls over financial reporting, with strong autonomy and influence across multiple domains, and will:
Own and lead the assessment of the company's SOx IT control environment, focusing on logical access management, change management, IT operations, automated controls, IT-dependent manual controls and cybersecurity.
Drive scoping and risk assessment of IT components (third-party applications, internal services/microservices, automations, infrastructure, datasets, notebooks, etc.) that are relevant to ICFR, applying Nubank's SOx IT scope methodology.
Perform and review walkthroughs and design assessments for ITGCs, IT-dependent controls, automatic controls, challenging control design, coverage of risks and evidence quality.
Plan and execute Tests of Design (ToD) and Tests of Effectiveness (ToE) for IT controls.
Coordinate remediation and action plans with Engineering, InfoSec, IAM and business teams, ensuring robust root-cause analysis, sustainable fixes and timely closure of IT control deficiencies and audit findings.
Act as primary counterpart for external auditors and Internal Audit on SOx IT topics (scope, methodology, sampling, exceptions, deficiencies), supporting walkthroughs, evidence requests and technical discussions.
Contribute to the continuous improvement of SOx IT methodology, templates and guidelines (e.g. sampling, population completeness, IPE standards, quality review checklists).
Help design and challenge IT control automation and monitoring (e.g. control bots/Controlinhos, dashboards, alerts) to increase coverage and reduce manual effort and error risk.
Mentor and support junior analysts on ITGC concepts, testing techniques, documentation standards and interaction with tech squads, raising the overall quality bar of the team.
Promote synergy and governance between SOx, Engineering, InfoSec, IAM, Controllership and other stakeholders through routines, trainings, workshops and forums focused on IT controls.
Basic Qualifications
6 years of experience in IT Audit, IT Risk, IT Compliance or SOx IT (e.g. Big 4, internal audit, financial institutions, fintechs or tech companies).
Solid knowledge of SOx 404, PCAOB standards, COSO and main IT control frameworks (e.g. COBIT, NIST), especially as they relate to ICFR.
Proven hands-on experience with IT General Controls over:
Logical access (IAM, SSO/IdP, SoD, privileged access, user lifecycle);
Change management (code review, approvals, segregation of duties, emergency changes);
IT operations (job processing, interfaces, monitoring, incident/problem management).
Experience assessing IT controls in cloud and modern architectures (e.g. AWS, microservices, APIs, data platforms, CI/CD pipelines).
Experience with enterprise/SaaS applications relevant to financial reporting (e.g. ERP such as SAP/Oracle, HR/Payroll, Treasury, core banking/ledger, reconciliation tools).
Experience evaluating SOC 1 Type 2 reports, complementary user entity controls and their impact on SOx.
Strong ability to analyze technical evidence (logs, configurations, scripts, SQL/queries, access listings) and connect it to control objectives and financial risks.
Excellent skills in structuring and documenting workpapers (narratives, flowcharts, RCMs, ToD/ToE conclusions) in English.
Fluent English (written and spoken), able to lead discussions and defend positions with external auditors and global stakeholders.
Strong communication and organizational skills and the ability to work independently.
Preferred Qualifications
Experience working in multicultural teams across different countries and time zones.
Previous experience in digital bank, fintech or technology-driven environments, with exposure to microservices, event-driven architectures and DevOps practices.
Hands-on experience with identity and access management tools (e.g. Okta or similar), cloud platforms (e.g. AWS) and version control/CI-CD tools (e.g. GitHub, pipelines).
Experience with process and control improvement, including automation, use of data/analytics for testing, or control monitoring solutions.
Comfort in reading, interpreting and analyzing data (e.g. SQL, notebooks, dashboards) to support control testing and investigations.
Previous experience in Big 4 and/or regulated financial institutions.
Knowledge of business operational processes.
Benefits
Chance of earning equity at Nubank
Food/Meal Card (Vale-Refeição and/or Vale Alimentação)
Public Transportation Commuting Benefit (Vale-Transporte)
NuCare Psychological, Financial and Legal Assistance Program
Life Insurance
Medical Plan
Dental Plan
NuLanguage Language Course Program
Nucleo - Our learning platform of courses
Extended Parental Leave
Daycare Allowance
Parental Consultancy
Work-from-home Allowance
Gym Partnerships
30 days of paid vacation
Relocation Assistance Package, if applicable
Work Model for this Role
Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details visit https://
Experience:
IC
About Company
You, finally in control of your money. Full control of your credit card and your 100% digital account