SOX Compliance Program Manager

We believe in the everyday hero, those who have the courage to follow their passion and the determination to realize their dreams.

Small business owners are at the heart of all we do, so we\’re creating powerful, easy-to-use financial solutions to help them run their businesses. With a founder’s mentality and a team-first attitude, our diverse teams across Europe, South America, and the United States work together to ensure that small business owners can be successful doing what they love.

Team Description

Our Risk & Compliance team sits at the heart of how SumUp builds trust — with our merchants, regulators, and partners. We design and maintain the frameworks that keep SumUp safe, transparent, and ready for scale.

As part of the GRC function, you’ll work alongside experts across Finance, Legal, Tech, and Operations to strengthen our internal control environment and ensure that every process supports sustainable growth. This team acts as both advisor and challenger, enabling innovation while ensuring we operate to the highest standards of accountability. You’ll play a key role in shaping how SumUp prepares for future regulatory requirements, embedding a culture of integrity across the business.

In this position you will lead the design, operation and continuous enhancement of our SOX 404 / ICFR compliance program. You will act as the program manager for all ICFR-related initiatives, working cross-functionally with Finance, Engineering, Product, Operations and external audit to ensure our disclosure-ready controls over financial reporting are robust, documented, tested and remediated.

Manage the full life‑cycle of the SOX & ICFR program: risk‑scoping, control design/documentation, testing, remediation and reporting.

Establish and maintain an ICFR control framework designed for scalability, automation and growth.

Coordinate with cross‑functional control owners (Finance, Engineering, Product, Business Operations) to embed control design and testing in key processes.

Serve as the key liaison for external auditors during annual SOX 404 and quarterly ICFR testing cycles.

Lead remediation efforts: identify material weaknesses or significant deficiencies, partner with control owners to execute action plans and track closure.

Drive program efficiency by leveraging GRC tools and promoting automation of control testing and monitoring.

Develop reporting and dashboards for senior leadership and the Audit Committee on ICFR status, key‑metrics, trends and improvement roadmaps.

Build strong relationships with stakeholders and promote a culture of financial‑reporting excellence and control awareness.

You’ll Be Great for This Role If

7-10 years of experience in SOX 404 / ICFR compliance roles (public company environment strongly preferred).

Deep knowledge of ICFR (Internal Controls over Financial Reporting) frameworks (COSO, SOX 404), financial reporting risks and SOX audit requirements.

Proven track‑record designing and implementing ICFR programs: risk assessment, control documentation (narratives / Risk‑Control Matrices), testing and remediation.

Strong project‑management and stakeholder‑influence skills; able to lead across Finance, IT and business operations.

Experience with GRC tools or control‑testing platforms preferred.

Excellent written/verbal communication skills and executive presence.

SOX Compliance Program Manager

About SumUp

We believe in the everyday hero, those who have the courage to follow their passion and the determination to realize their dreams.

Small business owners are at the heart of all we do, so we\’re creating powerful, easy-to-use financial solutions to help them run their businesses. With a founder’s mentality and a team-first attitude, our diverse teams across Europe, South America, and the United States work together to ensure that small business owners can be successful doing what they love.

Team Description

Our Risk & Compliance team sits at the heart of how SumUp builds trust — with our merchants, regulators, and partners. We design and maintain the frameworks that keep SumUp safe, transparent, and ready for scale.

As part of the GRC function, you’ll work alongside experts across Finance, Legal, Tech, and Operations to strengthen our internal control environment and ensure that every process supports sustainable growth. This team acts as both advisor and challenger, enabling innovation while ensuring we operate to the highest standards of accountability. You’ll play a key role in shaping how SumUp prepares for future regulatory requirements, embedding a culture of integrity across the business.

This role can be based in:

• Berlin
• Sofia
• London

What You’ll Do

In this position you will lead the design, operation and continuous enhancement of our SOX 404 / ICFR compliance program. You will act as the program manager for all ICFR-related initiatives, working cross-functionally with Finance, Engineering, Product, Operations and external audit to ensure our disclosure-ready controls over financial reporting are robust, documented, tested and remediated.

• Manage the full life-cycle of the SOX & ICFR program: risk-scoping, control design/documentation, testing, remediation and reporting.
• Establish and maintain an ICFR control framework designed for scalability, automation and growth.
• Coordinate with cross-functional control owners (Finance, Engineering, Product, Business Operations) to embed control design and testing in key processes.
• Serve as the key liaison for external auditors during annual SOX 404 and quarterly ICFR testing cycles.
• Lead remediation efforts: identify material weaknesses or significant deficiencies, partner with control owners to execute action plans and track closure.
• Drive program efficiency by leveraging GRC tools and promoting automation of control testing and monitoring.
• Develop reporting and dashboards for senior leadership and the Audit Committee on ICFR status, key-metrics, trends and improvement roadmaps.
• Build strong relationships with stakeholders and promote a culture of financial-reporting excellence and control awareness.

You’ll Be Great for This Role If

• 7-10 years of experience in SOX 404 / ICFR compliance roles (public company environment strongly preferred).
• Deep knowledge of ICFR (Internal Controls over Financial Reporting) frameworks (COSO, SOX 404), financial reporting risks and SOX audit requirements.
• Proven track‑record designing and implementing ICFR programs: risk assessment, control documentation (narratives / Risk‑Control Matrices), testing and remediation.
• Strong project-management and stakeholder-influence skills; able to lead across Finance, IT and business operations.
• Experience with GRC tools or control-testing platforms preferred.
• Excellent written/verbal communication skills and executive presence.

🇩🇪 Berlin, Germany

🌎 Opportunity to work with SumUppers globally on large-scale fintech products used by millions of businesses worldwide, from our Berlin office.🌈 Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity.🚀 Enrolment onto our VSOP program: you will own a stake in SumUp’s future success.📚 €2,000 annual L&D budget for conferences or professional growth.💶 Corporate pension scheme with up to 20% matching.🏖 28 days of paid leave plus public holidays.🏋️♀️ Urban Sports Club subsidy and subsidised lunches.🌴 Break4me: 1-month sabbatical after 3 years.🔗 Referral Bonus: earn additional rewards by referring talented individuals.

At SumUp

At SumUp, we’re on a mission to empower small businesses around the world with simple, affordable tools to help them start, run, and grow. More than 4 million merchants across 36 markets trust us as their financial partner — and we’re just getting started.

We’re a global team of 3,000+ people from over 90 nationalities, united by curiosity, collaboration, and care. Our core values and culture shape everything we do, fostering inclusion, learning, and belonging.

SumUp is proud to be an Equal Employment Opportunity employer, committed to building a safe, respectful, and diverse workplace where everyone can thrive.

👉 Explore more about our culture on our careers site , or follow us on LinkedIn and Instagram.

Job Application Tip

We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.

Always Active