Nu was born in 2013 with the mission to fight complexity to empower people in their daily lives by reinventing financial services. We are one of the world’s largest digital banking platforms, serving millions of customers across Brazil, Mexico, and Colombia. For more information, visit our institutional page here .

About the team

The IT SOx team is responsible for the development of strategies, methodologies, and processes to enable compliance for all Nu Holdings and its companies, designing and overseeing IT control implementations, periodically testing their effectiveness, and recommending proper redesigns or remediations to improve maturity. We conduct root cause and severity analyses to determine the level of priority the business areas must have in order to achieve the right and most frictionless IT control environment to sustain our business.

About the role

• The SOx IT Sr. Analyst role is about overseeing and reviewing all SOx IT risk initiatives related to long and short-term projects and operations (Brazil, Mexico, and Colombia). This role includes supporting 1LoD to design ITGCs, planning and executing walkthroughs, tests of design (ToD), and tests of effectiveness (ToE), identifying improvements in existing operations and processes, and aligning our recommendations to the best-in-breed industry-specific frameworks with key SOx risk objectives.
• Additionally, drive new analytical initiatives and projects to improve the efficiency of SOx control testing and direct the development and implementation of methodologies and techniques to ensure that practices remain responsive to all relevant customers and stakeholders.

You'll be responsible for

• Identify new IT Components in the SOx scope;
• Mapping IT processes and risks and recommending improvements in accordance with best practices;
• Support 1LoD to identify IT key controls and compensatory controls to mitigate the risks;
• Execute walkthroughs, tests of design, and tests of effectiveness;
• Analyze the severity of deficiencies;
• Validate the action plans to remediate deficiencies;
• Monitor the action plans and deadlines to remediate the deficiencies identified;
• Use ETL processes for database analysis, datasets, and connections with other services for the continuous assessment of internal controls;
• Participate in internal initiatives focused on improving the SOx process (e.g., Methodology Update, Risk Management Tool Implementation, Test Automation, etc.);
• Work closely with the risk management business units to develop and coordinate tailored and integrated initiatives;
• Design policies, procedure manuals, technical manuals, methodologies, requirements, and any other risk management-related documentation;
• Track key objectives, indicators, and action plans with the appropriate involved parties, reporting results and proposing adjustments prior to reaching the objective target;
• Create relevant materials to enable forums and committees to be informed, discuss, take decisions, and communicate to the proper public.

We are looking for a person who has

• Experience with SOx control testing campaigns, design, and oversight of control implementation;
• Ability to deal with SOx root cause, substantive, and severity analysis definition, conduction, review, and presentation;
• Experience in ETL/ELT in a Cloud Environment;
• Knowledge of SQL, Scala, or other data manipulation language;
• Knowledge of programming languages;
• Experience with internal controls documentation, such as risk matrices, audit working papers, tests of operating effectiveness library, and generally in result reports;
• Ability to align action plans with other areas focused on SLAs and efficiency;
• Ability to support the BU on the new control's creation;
• Expertise in identifying risks and recommending controls;
• Identifying new technology components and scopes and bringing them to discussion;
• Autonomy and ownership with the need for some level of guidance;
• Previous experience working in Big 4 companies;
• Influencing skills to deal and communicate with different levels of stakeholders;
• Clear and concise communication skills;
• Hands-on experience and approach;
• Knowledge in Google Docs, Big Query, Data Bricks, Jira, Confluence;
• Knowledge of blockchain and crypto products;
• Advanced level of English.

Our Nu Way of Working

Our work model is hybrid and has cycles that can be from two to three months according to the business of expertise. For every eight or twelve weeks of remote work, one will be at the office.

At Nu, we are committed to building a diverse and inclusive workplace that reflects the customers we serve and seek to empower. We hire based on equality, considering gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring none of them represent a barrier when recruiting fantastic talent.