
Cortea · Berlin
ÜBER UNS Wir sind Cortea, ein Berliner Startup, das Audits mit KI neu denkt. Klassische Prüfungen sind oft manuell, dokumentenlastig und binden wertvolle Exper...
Wir sind Cortea, ein Berliner Startup, das Audits mit KI neu denkt. Klassische Prüfungen sind oft manuell, dokumentenlastig und
binden wertvolle Expertenzeit während der Bedarf an Audits weiter steigt. Mit unserer KI-gestützten Software und spezialisierten
AI Agents automatisieren wir repetitive Arbeit, damit Auditor:innen sich auf das konzentrieren können, was wirklich zählt:
fundierte Entscheidungen.
Wir sind mit über 15 Mio. Euro von führenden VCs finanziert, haben ein funktionierendes Produkt im Markt und bereits zahlende
Kunden. Jetzt skalieren wir schnell.
Uns treiben First-Principles-Denken, Geschwindigkeit, Vertrauen und Freundlichkeit an. Wir bauen Cortea gemeinsam, direkt vor Ort
in unserem Berliner Office.
Diese Rolle ist für erfahrene Audit-Professionals, die keine Checklisten mehr abarbeiten wollen sondern Systeme entwickeln
möchten, die sie überflüssig machen.
Du bringst tiefes Praxiswissen darüber mit, wie Prüfungen wirklich funktionieren, und übersetzt dieses Wissen in strukturierte
Logik, die unsere Software skalierbar ausführen kann. Du musst kein:e Entwickler:in sein. Aber du denkst klar in Prozessen, kannst
komplexe Standards in konkrete Regeln zerlegen und hast ein starkes Verständnis dafür, wie ein belastbares, qualitativ
hochwertiges Prüfungsergebnis aussehen muss.
Software folgen kann. Du definierst die Regeln, das System wendet sie an.
etwa bei Leasing nach IFRS 16 oder Revenue Recognition. Du definierst, worauf das System achten und wann es Ausnahmen markieren
soll.
So stellst du sicher, dass unsere Workflows mit IDW PS 210 vereinbar bleiben und Reviewer jederzeit die Kontrolle über das
professionelle Urteil behalten.
kann, im Einklang mit IDW PS 450 und belastbar für Qualitätskontrolle und Peer Review.
Gespräche mit Regulatoren zur Rolle von Technologie in der Prüfung ein..
mittelständischen Prüfungsgesellschaft. Du hast auf Prüfungsleiter-Level gearbeitet und weißt, was Mandatsverantwortung und
Haftungsrisiken in der Praxis bedeuten.
benötigte Inputs definieren und beschreiben, wie ein korrektes Ergebnis aussehen muss.
Prüfungen durchgeführt werden.
kein Hindernis, sondern die Grundlage für verlässlichen Fortschritt.
stärkt.
denken wir es neu.
1. Intro call mit Liza (Founders Associate)
2. Fachliches (Audit-) Interview mit Philipp, Co-Founder.
3. Strategic & Collaboration Fit mit Valentin, Co-Founder.
4. On-site Session in Berlin: Eine gemeinsame Session in unserem Berliner Office, in der wir eine „Reviewer-First“-Oberfläche
entwickeln mit Fokus auf maximale Transparenz, Nachvollziehbarkeit und professionelle Skepsis.
Are you passionate about making an impact through technology and controls? At SumUp, we’re looking for an IT Internal Auditor to strengthen our Internal Audit team in Berlin. In this role, you’ll help ensure our IT environment is secure, compliant, and ready to support millions of businesses worldwide. ABOUT SUMUP SumUp is a leading global fintech company committed to leveling the playing field for small businesses. Since 2012, we’ve been a trusted partner for over 4 million merchants in 36 markets worldwide. Our mission is to make business simple and affordable by providing tools that help entrepreneurs get paid, manage finances, and grow their customer relationships. TEAM DESCRIPTION You’ll be part of our Internal Audit team, reporting directly to the Global Head of Internal Audit. The team plays a crucial role in safeguarding SumUp’s operations, ensuring compliance with regulatory requirements, and driving continuous improvement across the business. This role focuses on strengthening our IT audit capabilities— an essential part of our audit plan and risk management strategy. WHAT YOU’LL DO * Lead and execute IT-focused internal audits, ensuring that SumUp’s systems and controls meet regulatory and business requirements * Uncover insights and improve audit efficiency by analysing data: run queries, extract information from systems, and apply advanced analytics * Develop a focused IT audit plan, shaping how we evaluate technology risks across the company * Translate findings into clear, actionable recommendations and present them with confidence to management and stakeholders * Act as an independent voice for control and compliance, building trust while navigating resistance and influencing change * Build strong relationships with stakeholders to foster a culture of proactive internal controls * Stay ahead of the curve by keeping up with evolving IT standards, regulations, and best practices YOU’LL BE GREAT FOR THIS ROLE IF * You have at least 4 years of internal audit experience within a regulated financial services environment. * You bring proven IT auditing expertise and strong knowledge of audit standards and risk management. * You are experienced with IT general controls, compliance, governance, and security frameworks (e.g. COBIT, ISO 27001, PCI DSS, ITIL, NIST, LGPD, GDPR). * You have advanced data analytics skills and can leverage them in your audit work. * You communicate clearly in English and are skilled in writing impactful reports. * You are ethical, independent, and confident in influencing change across different levels of the organisation. Nice to have: Professional certifications such as CIA, CISA, CPA, CISSP, CISM, or CRISC; knowledge of data analytics tools. WHY YOU SHOULD JOIN SUMUP 🌎 Opportunity to work with SumUppers globally on large-scale fintech products used by millions of businesses worldwide, from our Berlin office. This involves an office-first setup 🌈 Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity, fostering an inclusive environment where everyone's perspectives are respected and embraced 🚀 Enrolment onto our Virtual Stock Option programme: you will own a stake in SumUp’s future success 📚 A dedicated annual L&D budget of €2000 for attending conferences and/or advancing your career through further education 💶 A corporate pension scheme where we match up to 20% of your contributions 🏖️ Generous time off: enjoy 28 days of paid leave plus public holidays and special leave days 🚵🏾♂️ Numerous other benefits such as Urban Sports Club subsidy, Kita placement assistance, subsidised office lunches 🌴 Break4me: 1-month sabbatical after 3 years of service 🔗 Referral Bonus: earn additional rewards by referring talented individuals to join the SumUp team About SumUp We believe in the everyday hero. Small business owners are at the heart of all we do, so we create powerful, easy-to-use financial solutions to help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America, Australia and the United States work together to ensure that the small business owners we partner with can be successful doing what they love. SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. SumUp will not accept unsolicited resumes from any source other than directly from a candidate. Job Application Tip We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.
Are you passionate about making an impact through technology and controls? At SumUp, we’re looking for an IT Internal Auditor to strengthen our Internal Audit team in Berlin. In this role, you’ll help ensure our IT environment is secure, compliant, and ready to support millions of businesses worldwide. ABOUT SUMUP SumUp is a leading global fintech company committed to leveling the playing field for small businesses. Since 2012, we’ve been a trusted partner for over 4 million merchants in 36 markets worldwide. Our mission is to make business simple and affordable by providing tools that help entrepreneurs get paid, manage finances, and grow their customer relationships. TEAM DESCRIPTION You’ll be part of our Internal Audit team, reporting directly to the Global Head of Internal Audit. The team plays a crucial role in safeguarding SumUp’s operations, ensuring compliance with regulatory requirements, and driving continuous improvement across the business. This role focuses on strengthening our IT audit capabilities— an essential part of our audit plan and risk management strategy. WHAT YOU’LL DO * Lead and execute IT-focused internal audits, ensuring that SumUp’s systems and controls meet regulatory and business requirements * Uncover insights and improve audit efficiency by analysing data: run queries, extract information from systems, and apply advanced analytics * Develop a focused IT audit plan, shaping how we evaluate technology risks across the company * Translate findings into clear, actionable recommendations and present them with confidence to management and stakeholders * Act as an independent voice for control and compliance, building trust while navigating resistance and influencing change * Build strong relationships with stakeholders to foster a culture of proactive internal controls * Stay ahead of the curve by keeping up with evolving IT standards, regulations, and best practices * Conduct targeted audits of AWS security standards and access controls across our cloud environment, ensuring credit card data stored in cloud services is adequately protected; * Perform risk-based reviews of payment products and ensure security requirements are consistently embedded throughout the development lifecycle. * Identifying anomalies or excessive privileges across different systems and payment platforms. YOU’LL BE GREAT FOR THIS ROLE IF * You have at least 4 years of internal audit experience within a regulated financial services environment. * You bring proven IT auditing expertise and strong knowledge of audit standards and risk management. * You are experienced with IT general controls, compliance, governance, and security frameworks (e.g. COBIT, ISO 27001, PCI DSS, ITIL, NIST, LGPD, GDPR). * You have advanced data analytics skills and can leverage them in your audit work. * You communicate clearly in English and are skilled in writing impactful reports. * You are ethical, independent, and confident in influencing change across different levels of the organisation. Nice to have: Professional certifications such as CIA, CISA, CPA, CISSP, CISM, or CRISC; knowledge of data analytics tools. WHY YOU SHOULD JOIN SUMUP 🌎 Opportunity to work with SumUppers globally on large-scale fintech products used by millions of businesses worldwide, from our Berlin office. This involves an office-first setup 🌈 Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity, fostering an inclusive environment where everyone's perspectives are respected and embraced 🚀 Enrolment onto our Virtual Stock Option programme: you will own a stake in SumUp’s future success 📚 A dedicated annual L&D budget of €2000 for attending conferences and/or advancing your career through further education 💶 A corporate pension scheme where we match up to 20% of your contributions 🏖️ Generous time off: enjoy 28 days of paid leave plus public holidays and special leave days 🚵🏾♂️ Numerous other benefits such as Urban Sports Club subsidy, Kita placement assistance, subsidised office lunches 🌴 Break4me: 1-month sabbatical after 3 years of service 🔗 Referral Bonus: earn additional rewards by referring talented individuals to join the SumUp team About SumUp We believe in the everyday hero. Small business owners are at the heart of all we do, so we create powerful, easy-to-use financial solutions to help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America, Australia and the United States work together to ensure that the small business owners we partner with can be successful doing what they love. SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. SumUp will not accept unsolicited resumes from any source other than directly from a candidate. Job Application Tip We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.
At Upvest, we are on a mission to make investing as easy as spending money. Upvest empowers businesses to offer a wide range of investment products and the best experience in the field of capital market investment and retirement planning. Upvest’s Investment API is easy to integrate so that fintechs and financial institutions can save resources and fully focus on their core business. We are proud to partner with Europe’s leading Fintechs and financial institutions such as DKB, Revolut, N26 and Raisin. Founded in 2017 by Martin Kassing, Upvest now brings together over 270 talented professionals from more than 70 nationalities. Upvest is backed by €280M in total funding from world-class investors, including BlackRock, Tencent, Sapphire Ventures, and Bessemer Venture Partners, Earlybird, Notion Capital, and Motive. Our latest €105M funding round in March 2026 - led by Sapphire and Tencent - serves as a massive catalyst for our growth, allowing us to offer premier investment experience. ABOUT THE ROLE: Upvest is at the inflection point where security needs to scale and remain a foundational discipline of the company. We're hiring a Security Engineering Lead to step into our lean and efficient Security team, set its multi-quarter direction, work cross-functionally and scale Security Engineering into a team that continues to own Upvest's entire application security and cloud security posture in a highly regulated environment as it scales. This role sits alongside our Security Operations and GRC teams, which owns detection, response, and compliance operations. Where SecOps keeps watch over what's happening now, Security Engineering shapes what we build and how we build it, embedding security into the SDLC, hardening our cloud environment, and building the platforms that make security teams more effective. You will own the secure paved roads every Upvest engineer relies on: automated SAST/DAST/SCA in our GitHub Actions pipelines, SSDLC adherence, IAM and network controls, and the technical implementation of DORA's (and other regulations') ICT risk framework for our platform. Our mission for the team is simple: make the secure way the easy way for everyone at Upvest. WHAT YOU’LL DO: * Set the multi-quarter strategy for application and cloud security across Upvest's Investment API platform — aligned with our product roadmap, our tenant commitments, and our regulatory obligations under DORA, MiFID II, and BaFin's MaRisk / BAIT requirements. * Lead, mentor, and grow our Security Engineering and Upvest's security culture. You'll inherit a small, talented team and own hiring, onboarding, growth, and retention as we scale. And you'll create initiatives to build security into the development and product life cycle. * Build paved roads. Own how Upvest performs encryption, authN/authZ, CI/CD, data, and network surfaces. We want fewer security review queues and more security baked into the templates. * Own application security end-to-end. Threat modeling, secure code review, SAST/DAST/SCA tooling integration in our GitHub Actions CI/CD, and vulnerability management. * Drive better cloud security posture across our GCP environment — IAM, VPC Service Controls, Cloud KMS, CSPM (Wiz), Binary Authorization for GKE, Terraform-driven infrastructure security baselines, and our Linkerd service mesh posture. * Mature Upvest's DORA technical implementation. Partner with our risk and compliance functions to translate DORA's ICT risk framework (Art. 5–9), secure development testing requirements (Art. 16), and threat-led penetration testing (Art. 24–27) into engineering work programmes — and into evidence we can show auditors and regulators. * Embed security in every product design. Partner deeply with product and engineering teams. Architecture reviews, design partnerships, security champions across product squads, collaboration beats gatekeeping. * Stay current on emerging threats. AI / LLM security, agentic identities, and the secure use of AI tooling in our own engineering workflow are an active concern * Represent Upvest's security posture clearly to everyone WHAT YOU BRING: * 6–10 years in security engineering, with 4+ years focused on product security or cloud security, and you work well in a regulated environment. You don't need to check every box, but we're asking for evidence that you've taken security from "owned by one team in a queue" to "embedded in how an engineering org ships." * Hands-on, technically credible. You earn the trust of engineers by going deep, so you're comfortable reading code, threat modeling designs, debating architectures, and writing tooling when it's valuable. * Cloud-native security depth. GCP preferred; AWS or Azure transferable. You know IAM, network segmentation, KMS, IaC security (Terraform), and Kubernetes hardening (RBAC, network policies, Pod Security Standards) as a craft. * Product/Application security foundations. OWASP Top 10 / ASVS, secure code review, SAST/DAST/SCA tooling integration, supply-chain security (SLSA, signing). * Lead through influence, not gatekeeping. You drive security outcomes through partnership with engineering teams. You can navigate ambiguity, set direction, and make sound risk-based decisions that scale with the organisation. People want to work with you, because you don't just say "no", you say "yeah, and this is how". * Hire and grow people. You've built or grown a small team. You set a high bar in interviews, invest in onboarding, give real-time feedback, and address performance issues quickly and fairly. Communicate cleanly across audiences e.g. a security incident write-up to engineering, a control narrative to an auditor, and a risk briefing to executives are three different documents, and you can write all three. NICE TO HAVE: * Experience securing multi-tenant B2B platforms or financial-API products: tenant isolation, API-as-product safety boundaries, and the specific operational shape of selling to regulated customers. * Experience with trading, custody, or securities settlement platforms, or curiosity about that domain. * Bug bounty / VDP programme management. * In a past life, you have shipped backend code in production, and you're comfortable in Go (preferred), Python, or another modern backend language. * Regulatory fluency. Working knowledge of DORA, MaRisk, BAIT, ISO 27001. You can change audit-speak or regulation into actionable technical requirements other people understand. You can hold your own with auditors and regulators without losing engineering pragmatism. * Background in engineering and offensive security * German skills are useful for some potential client interactions, but not required. Our working language is English. * Hands-on experience with AI/LLM security, agentic identity, or securing AI tooling in an engineering workflow. * Familiarity with the operational side of security is a bonus, hands-on experience with EDR and SIEM platforms, or a background in incident response. This matters in practice, you'll be part of the security on-call rotation, so being comfortable picking up an active incident is real, not theoretical. HOW WE UPVEST IN YOU: * Best-in-class AI tools: Every Upvenger has €20,000 per year to spend on the best AI tools available — so you're always working with the most powerful models and tooling on the market. * Impact-driven work: We’re building the infrastructure that will power the future of investing in Europe. It’s complex, ambitious, and meaningful. You’ll work with modern technologies and create something entirely new. No legacy systems, no limits. * Wellbeing: Recharge with 30 days of annual leave and maintain a healthy lifestyle with sports benefits. Access confidential professional coaching and enjoy the flexibility to work remotely abroad for up to 183 days a year. Recharge with UpRest, a one-month fully paid sabbatical after every 4 years of working at Upvest. * Development: Growth is in our DNA. Each Upvenger has access to a personal development budget and the freedom to decide how to use it. * Flexible work environment: Work from any of our hubs in Berlin, London or Tallinn hybrid or remotely across Europe, depending on the role. We give you the choice and budget to work where you’re most comfortable and productive, either at home or in the office. You choose. * Compensation and equity: We believe that all Upvengers contribute to our success and deserve a competitive, above-market salary and a participation in our employee equity program. * Team celebrations: Participate in company-wide events, such as UpFest, dinners, offsites and our Holiday party, to connect with colleagues and celebrate our achievements. * Inclusion: We’re committed to a culture where everyone belongs and thrives. Our Employee Resources Groups foster inclusion and connection, like Upfem for our female Upvengers, or UpVergent supporting neurodivergent Upvengers and allies. OUR VALUES: * Make it easy for others. We simplify the complex and act with the best intentions. * Own the outcome. We are proactive, fast and confident to get the job done, valuing progress over perfection. * Rise to the challenge. We aim high and push the boundaries. We stay curious, learn and celebrate our wins together. * Tell the story. We start with the Why to align on purpose. We are transparent and share knowledge to empower and inspire others. Upvest is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.