Internal Auditor - IT security specialist

Are you passionate about making an impact through technology and controls? At SumUp, we’re looking for an IT Internal Auditor to strengthen our Internal Audit team in Berlin. In this role, you’ll help ensure our IT environment is secure, compliant, and ready to support millions of businesses worldwide.

Team Description

You’ll be part of our Internal Audit team, reporting directly to the Global Head of Internal Audit. The team plays a crucial role in safeguarding SumUp’s operations, ensuring compliance with regulatory requirements, and driving continuous improvement across the business. This role focuses on strengthening our IT audit capabilities— an essential part of our audit plan and risk management strategy.

What You’ll Do

• Lead and execute IT-focused internal audits, ensuring that SumUp’s systems and controls meet regulatory and business requirements
• Uncover insights and improve audit efficiency by analysing data: run queries, extract information from systems, and apply advanced analytics
• Develop a focused IT audit plan, shaping how we evaluate technology risks across the company
• Translate findings into clear, actionable recommendations and present them with confidence to management and stakeholders
• Act as an independent voice for control and compliance, building trust while navigating resistance and influencing change
• Build strong relationships with stakeholders to foster a culture of proactive internal controls
• Stay ahead of the curve by keeping up with evolving IT standards, regulations, and best practices
• Conduct targeted audits of AWS security standards and access controls across our cloud environment, ensuring credit card data stored in cloud services is adequately protected;
• Perform risk-based reviews of payment products and ensure security requirements are consistently embedded throughout the development lifecycle.
• Identifying anomalies or excessive privileges across different systems and payment platforms.

You’ll Be Great for This Role If

• You have at least 4 years of internal audit experience within a regulated financial services environment.
• You bring proven IT auditing expertise and strong knowledge of audit standards and risk management.
• You are experienced with IT general controls, compliance, governance, and security frameworks (e.g. COBIT, ISO 27001, PCI DSS, ITIL, NIST, LGPD, GDPR).
• You have advanced data analytics skills and can leverage them in your audit work.
• You communicate clearly in English and are skilled in writing impactful reports.
• You are ethical, independent, and confident in influencing change across different levels of the organisation.

Nice to have: Professional certifications such as CIA, CISA, CPA, CISSP, CISM, or CRISC; knowledge of data analytics tools.

Why You Should Join SumUp

Opportunity to work with SumUppers globally on large-scale fintech products used by millions of businesses worldwide, from our Berlin office. This involves an office-first setup.

Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity, fostering an inclusive environment where everyone's perspectives are respected and embraced.

Enrollment onto our Virtual Stock Option programme: you will own a stake in SumUp’s future success.

A dedicated annual L&D budget of €2000 for attending conferences and/or advancing your career through further education.

A corporate pension scheme where we match up to 20% of your contributions.

Generous time off: enjoy 28 days of paid leave plus public holidays and special leave days.

Numerous other benefits such as Urban Sports Club subsidy, Kita placement assistance, subsidised office lunches.

Break4me: 1-month sabbatical after 3 years of service.

Referral Bonus: earn additional rewards by referring talented individuals to join the SumUp team.

SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.

SumUp will not accept unsolicited resumes from any source other than directly from a candidate.