Technology Risk & Controls Lead (Assurance Lead)

Company Overview

Capco is an entrepreneurial consulting business with expertise in transformation technology and strategy. We specialize in banking and payment; capital markets; wealth & investment management; finance risk & compliance; and technology serving our clients from offices in leading financial centers across US Europe and APAC. We are expanding our business rapidly across Asia (especially Malaysia). You will work on engaging projects with some of the largest banking and insurance clients in the world projects that will deliver significant transformation and change. Besides we have exciting growth plans in APAC and some very interesting new service lines opening. We are building the business so now is a good time to join because you can join at the start have an impact and play a role in its future success promotion opportunities better bonus opportunities and faster career progression.

Through our collaborative and efficient approach we help our clients successfully increase revenue manage risk and regulatory change reduce cost and enhance control. We specialize in banking; capital markets; wealth and investment management; finance risk & compliance; and technology. We serve our clients from offices in leading financial centers across North America Europe and APAC.

Role Overview

Capco is seeking a Technology Risk & Controls Lead (Assurance Lead) to provide independent regulator-defensible assurance to financial institutions against Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT) and related regulatory standards.

This role plays a critical assurance and judgement function acting as an Independent External Service Provider with end-to-end ownership of assurance conclusions materiality decisions and regulatory attestations. You will work closely with client executive management boards regulators and internal delivery teams to ensure technology cyber cloud resilience and governance controls meet regulatory expectations and industry best practices.

Key Responsibilities

• Independent Assurance Ownership
  • Own the end-to-end independent assurance lifecycle for BNM RMiT engagements from scoping and control interpretation through testing evaluation and final attestation.
    Exercise professional judgement on control adequacy effectiveness and materiality ensuring conclusions are evidence-based proportionate and regulator-defensible.
    Provide final approval of assurance conclusions opinions and attestations maintaining independence from advisory and implementation activities.
• Regulatory Interpretation & Control Frameworks
  • Translate BNM RMiT Policy (all Parts) into clear testable control expectations aligned to the banks technology cyber cloud resilience and governance landscape.
    Interpret and apply related regulatory and industry standards including:
    BNM RMiT
    BNM Outsourcing Policy Document
    Business Continuity Management (BCM) Policy Document
    ISO 27001
    COBIT
    NIST Cybersecurity Framework
    ISAE 3000
    Ensure control expectations are aligned with regulatory intent industry practice and proportional risk management.
• Risk Materiality & Professional Judgement
  • Apply risk-based prioritisation to focus assurance efforts on areas of highest regulatory operational and systemic risk.
    Make defensible materiality judgements balancing regulatory expectations control maturity and business context.
    Challenge management where necessary while maintaining constructive professional relationships.
• Executive Board & Regulator Engagement
  • Engage confidently with senior management Boards and regulators articulating assurance scope findings and conclusions clearly and credibly.
    Prepare and deliver executive-level assurance reports summaries and regulatory submissions.
    Act as a trusted assurance authority capable of standing behind conclusions in regulatory discussions and reviews.
• Assurance Quality & Ethical Standards
  • Uphold strict independence ethical and professional assurance standards consistent with external assurance expectations.
    Ensure assurance work is compliant with ISAE 3000 and internal quality standards.
    Provide oversight and guidance to assurance teams to maintain consistency quality and defensibility of outcomes.

Required Experience & Capabilities

• Extensive experience in technology risk IT audit or independent assurance within financial services.
  Deep exposure to financial-services regulation particularly BNM technology cyber and resilience requirements.
  Strong capability in regulatory interpretation control design assessment and operating effectiveness testing.
  Proven ability to exercise independent judgement and make materiality decisions in complex environments.
  Experience engaging Boards senior executives and regulators with credibility and authority.
  Strong written and verbal communication skills particularly for assurance opinions and executive reporting.

Certifications

• CISA required
  CRISC and/or CISM preferred

Why join us

You will join a company that supports and encourages an entrepreneurial outlook and independent thinking. Capco is not about organizational charts and layers we operate with little hierarchy because we want all employees to feel that Capco is their firm. We warmly value diversity and inclusion and embrace our collective uniqueness our culture is a strong fresh and invigorating difference from our competitors.