Senior Consultant – Cyber & Digital Risk Assurance

Company Overview

Capco is an entrepreneurial consulting business with expertise in transformation technology and strategy. We specialize in banking and payment; capital markets; wealth & investment management; finance risk & compliance; and technology serving our clients from offices in leading financial centers across US Europe and APAC. We are expanding our business rapidly across Asia (especially Malaysia). You will work on engaging projects with some of the largest banking and insurance clients in the world projects that will deliver significant transformation and change. Besides we have exciting growth plans in APAC and some very interesting new service lines opening. We are building the business so now is a good time to join because you can join at the start have an impact and play a role in its future success promotion opportunities better bonus opportunities and faster career progression.

Through our collaborative and efficient approach we help our clients successfully increase revenue manage risk and regulatory change reduce cost and enhance control. We specialize in banking; capital markets; wealth and investment management; finance risk & compliance; and technology. We serve our clients from offices in leading financial centers across North America Europe and APAC.

Role Overview

Capco is seeking a Cybersecurity Controls Assessor (Hybrid: Digital Services & Cloud Exit) to support independent regulator-defensible assurance engagements under Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT).

This role is hands-on and evidence-driven focusing on the assessment of cybersecurity digital banking services fraud controls and cloud exit / data deletion practices. You will work as part of an independent assurance team performing detailed control testing and validation to support assurance conclusions provided to senior management and regulators.

Key Responsibilities

• Cybersecurity & Technology Control Assessment
  • Execute hands-on assessments of cybersecurity and SOC controls including access management monitoring incident response vulnerability management and security governance.
    Perform control design and operating effectiveness testing in line with RMiT expectations and recognised security standards.
• Digital Services & Fraud Controls
  • Assess digital banking and digital service controls with particular focus on customer protection transaction integrity and service resilience.
    Evaluate fraud prevention and detection controls including transaction monitoring alerts and exception handling mechanisms.
    Identify control gaps and weaknesses that could impact customer trust financial loss or regulatory compliance.
• Cloud Exit & Data Deletion Assurance
  • Assess cloud exit data lifecycle and secure data deletion controls ensuring compliance with RMiT cloud and outsourcing requirements.
    Validate evidence of data deletion sanitisation and exit readiness including contractual technical and operational artefacts.
    Review cloud governance arrangements across IaaS PaaS and SaaS environments.
• Evidence Documentation & Assurance Support
  • Perform detailed evidence review and validation ensuring conclusions are traceable defensible and aligned with assurance standards.
    Document findings control assessments and issues clearly supporting independent assurance opinions and reporting.
    Support senior assurance leads in preparing regulatory-facing reports responses and supporting artefacts.

Required Skills & Experience

• Proven experience in cybersecurity digital risk or technology risk assessment ideally within financial services.
  Hands-on experience assessingcyber controls digital platforms or cloud environments.
  Strong understanding offraud risks and transaction controls in digital channels.
  Practical knowledge ofcloud data lifecycle management secure deletion and exit planning.
  Strongevidence-based assurance mindset with attention to detail and traceability.
  Clear structured documentation and issue articulation skills.
  Experience supportingaudit assurance or regulator-facing engagements.

Certifications

• CISSP or CISM required
• CSP strongly preferred
• Cloud provider professional certification (AWS Azure or GCP) preferred

Why join us

You will join a company that supports and encourages an entrepreneurial outlook and independent thinking. Capco is not about organizational charts and layers we operate with little hierarchy because we want all employees to feel that Capco is their firm. We warmly value diversity and inclusion and embrace our collective uniqueness our culture is a strong fresh and invigorating difference from our competitors.