IT Controls Specialist
SumUp
Description
.css-1cpk9mt{margin-top: var(-cui-spacings-giga);margin-bottom: var(-cui-spacings-mega);position: relative;}
.css-177mjip{position: absolute;opacity: 0;top: calc(-72px - 20px);}
IT Controls Specialist
.css-k4eprn{margin-bottom: 16px;}
.css-k1irjw{display: inline;} Take a look inside our London office
About the team
SumUp's Internal Controls function sits at the heart of our financial governance, responsible for the programmes that give regulators, auditors, and leadership confidence in how we operate. As SumUp grows, robust and scalable technology controls are increasingly important to the strength of our financial governance and wider control environment. .
This is a newly created role, and it's a genuinely important one. You will take ownership of the technology side of our ICFR and Provision 29 (P29) programmes. You'll be the person who builds it: designing the control framework, running the IT ICFR assurance programme, and making sure our IT general controls can stand up to external audit scrutiny.
What you'll do
.css-6fljt4{margin-bottom: var(-cui-spacings-mega);}.css-6fljt4 li: last-child,.css-6fljt4 ul: last-child,.css-6fljt4 ol: last-child{margin-bottom: var(-cui-spacings-byte);}
Design, document, test, and oversee remediation of IT General Controls (ITGCs), automated controls, and key system-generated financial reports across SumUp's ICFR and P29 programmes
Build and maintain a complete IT risk and control matrix (RCM) covering all in-scope control domains, and produce audit-quality evidence packs
Act as the primary point of contact between the Internal Controls team and SumUp's Engineering and IT functions, coordinating evidence, managing auditor requests, and tracking deficiencies through to remediation
Identify and implement automation opportunities across the controls lifecycle, including evidence collection workflows, access review sampling, and change management evidence extraction
Advise the business on IT risk identification and control design to support compliance and broader risk management requirements
You'll be great for this role if…
Strong hands-on experience in IT audit, ITGC testing, or technology risk, whether from an internal or external audit background
Solid knowledge of IT General Controls domains: logical access, change management, computer operations, and SDLC
Familiarity with ICFR, SOX, or equivalent regulatory frameworks, including experience managing IT PBC (Prepared by Client) requests with external auditors
A good understanding of IT risk and the ability to link IT controls activities with broader assurance programmes (such as ISO and other existing frameworks) to avoid duplication and drive efficiency
Ability to document and maintain risk and control matrices to a standard that holds up under audit scrutiny
Comfort working across multi-jurisdictional environments and influencing technical teams without direct authority
Intellectual curiosity about automation and AI — and a genuine interest in applying both to make controls programmes more efficient
Why you should join SumUp
Opportunity to work with a truly global, multicultural team from our central Covent Garden location, wrapped in historic charm and modern flair. This involves an office-first setup
Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity, fostering an inclusive environment where everyone's perspectives are respected and embraced
Enrolment onto our Virtual Stock Option programme: you will own a stake in SumUp's future success
Generous time off: enjoy 28 days of paid leave, plus bank holidays and special leaves
A dedicated annual L&D budget for attending conferences and/or advancing your career through further education
**Heal