Senior Consultant & Cyber & Digital Risk Assurance

Capco is an entrepreneurial consulting business with expertise in transformation, technology, and strategy. We specialise in banking and payment; capital markets; wealth & investment management; finance, risk & compliance; and technology, serving our clients from offices in leading financial centres across US, Europe and APAC. We are expanding our business rapidly across Asia (especially Malaysia). You will work on engaging projects with some of the largest banking and insurance clients in the world, projects that will deliver significant transformation and change. Besides, we have exciting growth plans in APAC and some very interesting new service lines opening. We are building the business, so now is a good time to join because you can join at the start, have an impact and play a role in its future success – promotion opportunities, better bonus opportunities and faster career progression.

Through our collaborative and efficient approach, we help our clients successfully increase revenue, manage risk and regulatory change, reduce cost and enhance control. We specialise in banking; capital markets; wealth and investment management; finance, risk & compliance; and technology. We serve our clients from offices in leading financial centres across North America, Europe and APAC.

Capco is seeking a Cybersecurity Controls Assessor (Hybrid: Digital Services & Cloud Exit) to support independent, regulator-defensible assurance engagements under Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT). This role is hands‑on and evidence-driven, focusing on the assessment of cybersecurity, digital banking services, fraud controls and cloud exit / data deletion practices. You will work as part of an independent assurance team, performing detailed control testing and validation to support assurance conclusions provided to senior management and regulators.

• Cybersecurity & Technology Control Assessment
  • Execute hands‑on assessments of cybersecurity and SOC controls, including access management, monitoring, incident response, vulnerability management, and security governance.
  • Perform control design and operating effectiveness testing in line with RMiT expectations and recognised security standards.
• Assess digital banking and digital service controls, with particular focus on customer protection, transaction integrity and service resilience.
  • Evaluate fraud prevention and detection controls, including transaction monitoring, alerts and exception handling mechanisms.
  • Identify control gaps and weaknesses that could impact customer trust, financial loss or regulatory compliance.
• Assess cloud exit, data lifecycle and secure data deletion controls, ensuring compliance with RMiT cloud and outsourcing requirements.
  • Validate evidence of data deletion, sanitisation and exit readiness, including contractual, technical and operational artefacts.
  • Review cloud governance arrangements across IaaS, PaaS and SaaS environments.
• Evidence, Documentation & Assurance Support
  • Perform detailed evidence review and validation, ensuring conclusions are traceable, defensible and aligned with assurance standards.
  • Document findings, control assessments and issues clearly, supporting independent assurance opinions and reporting.
  • Support senior assurance leads in preparing regulatory-facing reports, responses and supporting artefacts.

• Proven experience in cybersecurity, digital risk or technology risk assessment, ideally within financial services.
• Hands‑on experience assessing cyber controls, digital platforms or cloud environments.
• Strong understanding of fraud risks and transaction controls in digital channels.
• Practical knowledge of cloud data lifecycle management, secure deletion and exit planning.
• Strong evidence‑based assurance mindset, with attention to detail and traceability.
• Clear, structured documentation and issue articulation skills.
• Experience supporting audit, assurance or regulator‑facing engagements.

• CISSP or CISM – required
• CSP – strongly preferred
• Cloud provider professional certification (AWS, Azure or GCP) – preferred

You will join a company that supports and encourages an entrepreneurial outlook and independent thinking. Capco is not about organisational charts and layers – we operate with little hierarchy because we want all employees to feel that Capco is their firm. We warmly value diversity and inclusion and embrace our collective uniqueness – our culture is a strong, fresh and invigorating difference from our competitors.