Job Description

At Costa Coffee, we are what we craft. We're reimagining coffee experiences in over 50 countries and counting, as a key part of the Coca-Cola System. Whether you get your coffee in a store, from a machine, at home, or on the go - we've got you covered.
Our teams make a difference. Whether that's working on new tech for the perfect pour, helping our teams grow, creating award-winning campaigns, crunching the numbers, or developing the latest exciting menu item; together, we stir up success.
We may be a global brand, but we haven't forgotten our roots. That's where the Costa Foundation and our fantastic community agenda come in. Whatever your role, you can help us change lives in coffee growing communities and help your local community too.
We also want to help you grow in your career through amazing experiences, our apprenticeship scheme, and development programmes. At Costa, you can go beyond the day-to-day.
And as a Lead IT Audit & Controls Manager there's never been a better time to join.
We're seeking a Risk & Compliance professional to lead the implementation of the SOX IT General Controls framework across the Costa Group. You'll act as a subject matter expert, guiding complex control processes, influencing senior stakeholders, and embedding compliance across internal teams and third parties. The role also supports IT audit readiness, risk management, and regulatory compliance (e.g. SOX, ISA-315), ensuring governance standards are met and reporting is delivered to senior leadership and The Coca-Cola Company.
So, why Costa?
We didn't become a global coffee brand by sitting back. When you work here, you join a community that values passion, progression and integrity, with some pretty brilliant perks to sweeten the deal:

• Own a piece of Costa's success by becoming a share owner in Coca-Cola with our Share Investment Plan (SIP)
• A smart pension that saves you money on tax and national insurance, and matches your contributions up to 10%
• The Costa Financial Support Fund, supporting team members who find themselves in unexpected financial pressure
• 50% discount in all Costa-owned stores, and 25% off in other participating stores
• Private medical cover thanks to our Private Healthcare scheme
• And that's not all. Explore even more of our perks here: https://bit.ly/costaperks

We're passionate about being a great place to work, where you can bring your unique self into our mix. We firmly support diversity, equity and inclusion, and continue to work with our teams to shape the future of our culture and values: Disciplined to Deliver, Passion for Progress, Win with Warmth, Courage to Challenge and Trusted Team Players.
What you'll do
Being a Lead IT Audit & Controls Manager is about so much more than bringing our coffee to the world. It's your chance to stir up real success - which means you'll:

• Lead the development and implementation of the SOX IT General Controls and Risk & Compliance framework across the Costa Group.
• Act as a subject matter expert, providing guidance on complex controls and influencing strategic decisions at senior management level.
• Drive cultural change to embed SOX controls across internal teams and third parties, ensuring compliance and understanding.
• Support continuous improvement in IT Audit, Risk Management, and regulatory compliance (e.g. SOX, ISA-315) across global operations.
• Ensure effective risk monitoring, supplier assurance, and regular reporting to senior

Who you are
It's your unique ingredients we're interested in:

• Awareness of information and cyber security standards (e.g. ISO27000, NIST, PCI-DSS, CIS) and their relevance in a global retail environment.
• Familiarity with security tools, processes, and risk management frameworks such as COBIT.
• Experience working in a global organisation, including engagement with third parties and suppliers.
• Exposure to developing policies, standards, and guidelines in a large-scale business context.
• Desirable: Understanding of SOX, ITGC, IT risk, and data protection, with relevant certifications (e.g. CISA, CISSP, CISM) and familiarity with frameworks like ITIL and ISF.

Where you'll work:
Right now, our Support Centre teams work flexibly, blending home working with in-person time whenever it matters most - whether that's a team moment, a creative session, or simply coming together to share ideas.
We're excited to be moving into a new home for our brand in St Albans in January 2027 - an inspiring space from which our Support Centre teams will work three days a week to connect and collaborate in-person to bring our bold ambition to life.

Skills Required