Senior Consultant – Cyber & Digital Risk Assurance
Company Overview
Capco is an entrepreneurial consulting business with expertise in transformation, technology, and strategy. We specialize in banking and payment; capital markets; wealth & investment management; finance, risk & compliance; and technology, serving our clients from offices in leading financial centers across US, Europe and APAC. We are expanding our business rapidly across Asia (especially Malaysia). You will work on engaging projects with some of the largest banking and insurance clients in the world, projects that will deliver significant transformation and change. Besides, we have exciting growth plans in APAC and some very interesting new service lines opening. We are building the business, so now is a good time to join because you can join at the start, have an impact and play a role in its future success = promotion opportunities, better bonus opportunities and faster career progression.
Through our collaborative and efficient approach, we help our clients successfully increase revenue, manage risk and regulatory change, reduce cost and enhance control. We specialize in banking; capital markets; wealth and investment management; finance, risk & compliance; and technology. We serve our clients from offices in leading financial centers across North America, Europe and APAC.
Role Overview
Capco is seeking a Cybersecurity Controls Assessor (Hybrid: Digital Services & Cloud Exit) to support independent, regulator-defensible assurance engagements under Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT).
This role is hands-on and evidence-driven, focusing on the assessment of cybersecurity, digital banking services, fraud controls, and cloud exit / data deletion practices. You will work as part of an independent assurance team, performing detailed control testing and validation to support assurance conclusions provided to senior management and regulators.
Key Responsibilities
- Cybersecurity & Technology Control Assessment
- Execute hands-on assessments of cybersecurity and SOC controls, including access management, monitoring, incident response, vulnerability management, and security governance.
• Perform control design and operating effectiveness testing in line with RMiT expectations and recognised security standards.
- Execute hands-on assessments of cybersecurity and SOC controls, including access management, monitoring, incident response, vulnerability management, and security governance.
- Digital Services & Fraud Controls
- Assess digital banking and digital service controls, with particular focus on customer protection, transaction integrity, and service resilience.
• Evaluate fraud prevention and detection controls, including transaction monitoring, alerts, and exception handling mechanisms.
• Identify control gaps and weaknesses that could impact customer trust, financial loss, or regulatory compliance.
- Assess digital banking and digital service controls, with particular focus on customer protection, transaction integrity, and service resilience.
- Cloud Exit & Data Deletion Assurance
- Assess cloud exit, data lifecycle, and secure data deletion controls, ensuring compliance with RMiT cloud and outsourcing requirements.
• Validate evidence of data deletion, sanitisation, and exit readiness, including contractual, technical, and operational artefacts.
• Review cloud governance arrangements across IaaS, PaaS, and SaaS environments.
- Assess cloud exit, data lifecycle, and secure data deletion controls, ensuring compliance with RMiT cloud and outsourcing requirements.
- Evidence, Documentation & Assurance Support
- Perform detailed evidence review and validation, ensuring conclusions are traceable, defensible, and aligned with assurance standards.
• Document findings, control assessments, and issues clearly, supporting independent assurance opinions and reporting.
• Support senior assurance leads in preparing regulatory-facing reports, responses, and supporting artefacts.
- Perform detailed evidence review and validation, ensuring conclusions are traceable, defensible, and aligned with assurance standards.
Required Skills & Experience
- Proven experience in cybersecurity, digital risk, or technology risk assessment, ideally within financial services.
Hands-on experience assessing cyber controls, digital platforms, or cloud environments.
Strong understanding of fraud risks and transaction controls in digital channels.
Practical knowledge of cloud data lifecycle management, secure deletion, and exit planning.
Strong evidence-based assurance mindset, with attention to detail and traceability.
Clear, structured documentation and issue articulation skills.
Experience supporting audit, assurance, or regulator-facing engagements.
Certifications
- CISSP or CISM – required
- CSP – strongly preferred
- Cloud provider professional certification (AWS, Azure, or GCP) – preferred
Why join us?
You will join a company that supports and encourages an entrepreneurial outlook and independent thinking. Capco is not about organizational charts and layers –we operate with little hierarchy because we want all employees to feel that Capco is their firm. We warmly value diversity and inclusion and embrace our collective uniqueness –our culture is a strong, fresh, and invigorating difference from our competitors.
Apply for this job
*
indicates a required field