At a Glance
- Tasks: Lead global IT audit initiatives and ensure compliance with SOX and ISA-315 standards.
- Company: Join Costa Coffee, a global brand reimagining coffee experiences in over 50 countries.
- Benefits: Enjoy perks like a share investment plan, smart pension, private medical cover, and generous discounts.
- Why this job: Make a real impact while growing your career in a diverse and inclusive environment.
- Qualifications: Experience in IT audit, knowledge of SOX and cybersecurity standards, and strong communication skills required.
- Other info: This role offers hybrid working options from Loudwater or London.
The predicted salary is between £43,200 and £72,000 per year.
At Costa Coffee, we are what we craft. We’re reimagining coffee experiences in over 50 countries and counting, as a key part of the Coca-Cola System. Whether you get your coffee in a store, from a machine, at home, or on the go – we’ve got you covered. Our teams make a difference. Whether that’s working on new tech for the perfect pour, helping our teams grow, creating award-winning campaigns, crunching the numbers, or developing the latest exciting menu item; together, we stir up success. We may be a global brand, but we haven’t forgotten our roots. That’s where the Costa Foundation and our fantastic community agenda come in. Whatever your role, you can help us change lives in coffee growing communities and help your local community too. We also want to help you grow in your career through amazing experiences, our apprenticeship scheme, and development programmes. At Costa, you can go beyond the day-to-day.
As a Senior Global IT Audit & Controls Manager, there’s never been a better time to join. So, why Costa? We didn’t become a global coffee brand by sitting back. When you work here, you join a community that values passion, progression and integrity, with some pretty brilliant perks to sweeten the deal:
- Own a piece of Costa’s success by becoming a share owner in Coca-Cola with our Share Investment Plan (SIP)
- A smart pension that saves you money on tax and national insurance, and matches your contributions up to 10%
- The Costa Financial Support Fund, supporting team members who find themselves in unexpected financial pressure
- 50% discount in all Costa-owned stores, and 25% off in other participating stores
- Private medical cover thanks to our Private Healthcare scheme
We’re passionate about being a great place to work, where you can bring your unique self into our mix. We firmly support diversity, equity and inclusion, and continue to work with our teams to shape the future of our culture and values: Disciplined to Deliver, Passion for Progress, Win with Warmth, Courage to Challenge and Trusted Team Players.
What you’ll do:
- Design and deliver a SOX / ISA-315 awareness and culture change programme that caters for differing cultural and language requirements across the global Costa Coffee business.
- Support the Principal Delivery Assurance & Portfolio Manager in the ongoing development of the Costa IT Audit & Controls team.
- Responsible for providing management and oversight of processes that ensure previously deployed IT general controls continue to operate as designed, that they evolve to meet changing requirements and that they remain effective.
- Responsible for management and oversight of the SOX, ISA-315 and TCCC rotational scope annual audits, including the planning of resource required, the quality of evidence produced by the wider Costa business, and the management of the observations raised to ensure they are remediated in a timely manner, resulting in a desirable audit outcome.
- Responsible for management and oversight of the SOX / ISA-315 3rd Party Vendor processes to ensure our suppliers appropriately handle Costa’s information.
- Provide guidance and oversight to projects / programmes where a change in process is required, or a new application / infrastructure is being implemented, that falls into the scope of SOX / ISA-315, ensuring all required IT General Controls are implemented and Costa’s IT systems are ‘secure by design’.
- Responsible for overseeing the annual Costa InfoSec Standards Exception review process and approving the reviewed exceptions, ensuring that where applications or infrastructure cannot meet the requirement of the Costa Standard, mitigations, additional controls and management of the mitigations are implemented and monitored throughout their lifetime.
Who you are:
- Previous experience of working as an SME in an IT audit and / or controls environment e.g. SOX, ISO 27001, NIST etc.
- Knowledge of SOX, data privacy, information security or cyber security practices and standards (GDPR, ISO27000) and their applicability to a worldwide leading retailer.
- Previous experience of large scale audit management and co-ordination in multiple countries.
- Experience of managing supplier IT General Control 3rd party assurance processes and associated risks.
- Previous experience of designing and delivery of a programme of SOX / ISA-315, ITGC education, awareness and training.
- Strong written and verbal communication skills, negotiation skills and stakeholder management.
- Previous experience of developing and mentoring colleagues in SOX, ITGCs and risk management.
- Previous experience of risk management processes, ITIL/ISF/iRAM/COBIT frameworks and methodologies, CISSP, CISM.
- Self-driven, able to work to tight deadlines and results-orientated.
Location – Loudwater or London – Hybrid
Seniority level – Mid-Senior level
Employment type – Full-time
Job function – Accounting/Auditing and Information Technology
Industries – Retail and Technology, Information and Media
Senior Global IT Audit & Controls Manager employer: Costa Coffee
Contact Detail:
Costa Coffee Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Global IT Audit & Controls Manager
✨Tip Number 1
Familiarise yourself with Costa Coffee's values and culture. Understanding their commitment to community and diversity will help you align your responses during interviews, showcasing how your personal values resonate with theirs.
✨Tip Number 2
Network with current or former employees of Costa Coffee on platforms like LinkedIn. Engaging in conversations about their experiences can provide valuable insights into the company’s work environment and expectations for the Senior Global IT Audit & Controls Manager role.
✨Tip Number 3
Stay updated on the latest trends and regulations in IT audit and controls, particularly SOX and ISO standards. Being knowledgeable about current practices will not only boost your confidence but also demonstrate your commitment to the field during discussions.
✨Tip Number 4
Prepare specific examples from your past experience that highlight your skills in managing audits and controls across multiple countries. Tailoring your anecdotes to reflect the global nature of Costa Coffee will show that you understand the complexities of the role.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in IT audit and controls, particularly focusing on SOX, ISO 27001, and NIST standards. Use specific examples that demonstrate your expertise in managing audits across multiple countries.
Craft a Compelling Cover Letter: In your cover letter, express your passion for the role and the company. Mention how your unique skills align with Costa Coffee's values and mission, especially regarding their commitment to community and diversity.
Showcase Communication Skills: Given the importance of stakeholder management in this role, emphasise your strong written and verbal communication skills. Provide examples of how you've successfully negotiated or managed stakeholders in previous roles.
Highlight Continuous Learning: Mention any relevant certifications or training you've completed, such as ITIL, CISSP, or CISM. This shows your commitment to professional development and staying updated with industry standards.
How to prepare for a job interview at Costa Coffee
✨Understand the Role and Responsibilities
Before the interview, make sure you thoroughly understand the job description. Familiarise yourself with the key responsibilities of a Senior Global IT Audit & Controls Manager, such as SOX compliance and IT general controls. This will help you articulate how your experience aligns with their needs.
✨Showcase Relevant Experience
Prepare to discuss your previous experience in IT audit and controls, particularly in relation to SOX, ISO 27001, and risk management. Use specific examples to demonstrate your expertise and how you've successfully managed audits or implemented controls in past roles.
✨Highlight Communication Skills
Given the importance of stakeholder management in this role, be ready to showcase your strong written and verbal communication skills. Prepare examples of how you've effectively communicated complex information to diverse audiences, especially in a global context.
✨Demonstrate Cultural Awareness
Costa Coffee operates in over 50 countries, so it's crucial to show that you understand and respect cultural differences. Discuss any experience you have working in international teams or managing projects across different cultures, and how you adapted your approach accordingly.