IT Controls Specialist

IT Controls Specialist

Take a look inside our London office

About the team

SumUp's Internal Controls function sits at the heart of our financial governance, responsible for the programmes that give regulators, auditors, and leadership confidence in how we operate. As SumUp grows, robust and scalable technology controls are increasingly important to the strength of our financial governance and wider control environment. .

This is a newly created role, and it's a genuinely important one. You will take ownership of the technology side of our ICFR and Provision 29 (P29) programmes. You'll be the person who builds it: designing the control framework, running the IT ICFR assurance programme, and making sure our IT general controls can stand up to external audit scrutiny.

What you'll do

Design, document, test, and oversee remediation of IT General Controls (ITGCs), automated controls, and key system-generated financial reports across SumUp's ICFR and P29 programmes

Build and maintain a complete IT risk and control matrix (RCM) covering all in-scope control domains, and produce audit-quality evidence packs

Act as the primary point of contact between the Internal Controls team and SumUp's Engineering and IT functions, coordinating evidence, managing auditor requests, and tracking deficiencies through to remediation

Identify and implement automation opportunities across the controls lifecycle, including evidence collection workflows, access review sampling, and change management evidence extraction

Advise the business on IT risk identification and control design to support compliance and broader risk management requirements

You'll be great for this role if…

Strong hands-on experience in IT audit, ITGC testing, or technology risk, whether from an internal or external audit background

Solid knowledge of IT General Controls domains: logical access, change management, computer operations, and SDLC

Familiarity with ICFR, SOX, or equivalent regulatory frameworks, inc