Nubank

SOx IT Specialist

Posted

23 hours ago

Salary

Not disclosed by employer

Job description

About Us

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America, and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page: https://international.nubank.com.br/careers/

About the team

Be part of the SOx Team, contributing to continuous improvements in the IT General Controls (ITGC), Automated and IT-dependent controls environment at Nubank. The team ensures compliance with SOx requirements and international frameworks (e.g., COSO, COBIT, PCAOB standards), partnering with Engineering, Information Security, IAM, Platform, Data, Controllership, Finance, and Product squads to guarantee that technology processes and components supporting financial reporting are properly designed, operated, and evidenced.

We act as 2nd Line of Defense for SOx, challenging and supporting 1LoD teams in the correct and efficient execution of internal controls in line with Nubank’s Internal Controls and SOx IT Methodology.

About the role

As a SOx IT Specialist, you will be a senior individual contributor and subject-matter expert for IT controls over financial reporting, with strong autonomy and influence across multiple domains and countries. You will:

  • Own and lead the assessment of the company’s SOx IT control environment, focusing on Logical access management, Change management, IT operations, automated controls, IT-dependent manual controls, and cybersecurity.

  • Drive scoping and risk assessment of IT components (third‑party applications, internal services/microservices, automations, infrastructure, datasets, notebooks, etc.) that are relevant to ICFR, applying Nubank’s SOx IT scope methodology.

  • Perform and review walkthroughs and design assessments for ITGCs, IT-dependent controls, automatic controls, challenging control design, coverage of risks, and evidence quality.

  • Plan and execute Tests of Design (ToD) and Tests of Effectiveness (ToE) for IT controls.

  • Coordinate remediation and action plans with Engineering, InfoSec, IAM, and business teams, ensuring robust root-cause analysis, sustainable fixes, and timely closure of IT control deficiencies and audit findings.

  • Act as primary counterpart for external auditors and Internal Audit on SOx IT topics (scope, methodology, sampling, exceptions, deficiencies), supporting walkthroughs, evidence requests, and technical discussions.

  • Contribute to the continuous improvement of SOx IT methodology, templates, and guidelines (e.g., sampling, population completeness, IPE standards, quality review checklists).

  • Help design and challenge IT control automation and monitoring (e.g., control bots/Controlinhos, dashboards, alerts) to increase coverage and reduce manual effort and error risk.

  • Mentor and support junior analysts on ITGC concepts, testing techniques, documentation standards, and interaction with tech squads, raising the overall quality bar of the team.

  • Promote synergy and governance between SOx, Engineering, InfoSec, IAM, Controllership, and other stakeholders through routines, trainings, workshops, and forums focused on IT controls.

Basic Qualifications

  • 6+ years of experience in IT Audit, IT Risk, IT Compliance, or SOx IT (e.g., Big 4, internal audit, financial institutions, fintechs, or tech companies).

  • Solid knowledge of SOx 404, PCAOB standards, COSO, and main IT control frameworks (e.g., COBIT, NIST), especially as they relate to ICFR.

  • Proven hands-on experience with IT General Controls over:

    • Logical access (IAM, SSO/IdP, SoD, privileged access, user lifecycle);

    • Change management (code review, approvals, segregation of duties, emergency changes);

    • IT operations (job processing, interfaces, monitoring, incident/problem management).

  • Experience assessing IT controls in cloud and modern architectures (e.g., AWS, microservices, APIs, data platforms, CI/CD pipelines).

  • Experience with enterprise/SaaS applications relevant to financial reporting (e.g., ERP such as SAP/Oracle, HR/Payroll, Treasury, core banking/ledger, reconciliation tools).

  • Experience evaluating SOC 1 Type 2 reports, complementary user entity controls, and their impact on SOx.

  • Strong ability to analyze technical evidence (logs, configurations, scripts, SQL/queries, access listings) and connect it to control objectives and financial risks.

  • Excellent skills in structuring and documenting workpapers (narratives, flowcharts, RCMs, ToD/ToE, conclusions) in English.

  • Fluent English (written and spoken), able to lead discussions and defend positions with external auditors and global stakeholders.

  • Strong communication and organizational skills, and the ability to work independently.

Preferred Qualifications

  • Experience working in multicultural teams across different countries and time zones.

  • Previous experience in a digital bank, fintech, or technology‑driven environment, with exposure to microservices, event‑driven architectures, and DevOps practices.

  • Hands-on experience with identity and access management tools (e.g., Okta or similar), cloud platforms (e.g., AWS), and version control/CI-CD tools (e.g., GitHub, pipelines).

  • Experience with process and control improvement, including automation, use of data/analytics for testing, or control monitoring solutions.

  • Comfort in reading, interpreting, and analyzing data (e.g., SQL, notebooks, dashboards) to support control testing and investigations.

  • Previous experience in Big 4 and/or regulated financial institutions.

  • Knowledge of business operational processes.

Benefits

  • Chance of earning equity at Nubank

  • Food/Meal Card (Vale-Refeição and/or Vale Alimentação)

  • Public Transportation Commuting Benefit (Vale-Transporte)

  • NuCare – Psychological, Financial and Legal Assistance Program

  • Life Insurance

  • Medical Plan

  • Dental Plan

  • NuLanguage – Language Course Program

  • Nucleo - Our learning platform of courses

  • Extended Parental Leave

  • Daycare Allowance

  • Parental Consultancy

  • Work-from-home Allowance

  • Gym Partnerships

  • 30 days of paid vacation

  • Relocation Assistance Package, if applicable

Work Model for this Role

Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/
