Skip to main content

IT Controls Specialist

SumUp

BerlinOn-siteFull-Time1w ago

Description

.css-1cpk9mt{margin-top: var(-cui-spacings-giga);margin-bottom: var(-cui-spacings-mega);position: relative;}

.css-177mjip{position: absolute;opacity: 0;top: calc(-72px - 20px);}

IT Controls Specialist

.css-k4eprn{margin-bottom: 16px;}

.css-k1irjw{display: inline;} Take a look inside our London office

About the team

SumUp's Internal Controls function sits at the heart of our financial governance, responsible for the programmes that give regulators, auditors, and leadership confidence in how we operate. As SumUp grows, robust and scalable technology controls are increasingly important to the strength of our financial governance and wider control environment. .

This is a newly created role, and it's a genuinely important one. You will take ownership of the technology side of our ICFR and Provision 29 (P29) programmes. You'll be the person who builds it: designing the control framework, running the IT ICFR assurance programme, and making sure our IT general controls can stand up to external audit scrutiny.

What you'll do

.css-6fljt4{margin-bottom: var(-cui-spacings-mega);}.css-6fljt4 li: last-child,.css-6fljt4 ul: last-child,.css-6fljt4 ol: last-child{margin-bottom: var(-cui-spacings-byte);}

Design, document, test, and oversee remediation of IT General Controls (ITGCs), automated controls, and key system-generated financial reports across SumUp's ICFR and P29 programmes

Build and maintain a complete IT risk and control matrix (RCM) covering all in-scope control domains, and produce audit-quality evidence packs

Act as the primary point of contact between the Internal Controls team and SumUp's Engineering and IT functions, coordinating evidence, managing auditor requests, and tracking deficiencies through to remediation

Identify and implement automation opportunities across the controls lifecycle, including evidence collection workflows, access review sampling, and change management evidence extraction

Advise the business on IT risk identification and control design to support compliance and broader risk management requirements

You'll be great for this role if…

Strong hands-on experience in IT audit, ITGC testing, or technology risk, whether from an internal or external audit background

Solid knowledge of IT General Controls domains: logical access, change management, computer operations, and SDLC

Familiarity with ICFR, SOX, or equivalent regulatory frameworks, including experience managing IT PBC (Prepared by Client) requests with external auditors

A good understanding of IT risk and the ability to link IT controls activities with broader assurance programmes (such as ISO and other existing frameworks) to avoid duplication and drive efficiency

Ability to document and maintain risk and control matrices to a standard that holds up under audit scrutiny

Comfort working across multi-jurisdictional environments and influencing technical teams without direct authority

Intellectual curiosity about automation and AI — and a genuine interest in applying both to make controls programmes more efficient

Why you should join SumUp

Opportunity to work with a truly global, multicultural team from our central Covent Garden location, wrapped in historic charm and modern flair. This involves an office-first setup

Commitment to Diversity and Inclusion: be part of a workplace that values and promotes diversity, fostering an inclusive environment where everyone's perspectives are respected and embraced

Enrolment onto our Virtual Stock Option programme: you will own a stake in SumUp's future success

Generous time off: enjoy 28 days of paid leave, plus bank holidays and special leaves

A dedicated annual L&D budget for attending conferences and/or advancing your career through further education

**Heal

More jobs in Berlin