Senior Consultant & Cyber & Digital Risk Assurance

Capco is an entrepreneurial consulting business with expertise in transformation, technology, and strategy. We specialize in banking and payment; capital markets; wealth & investment management; finance, risk & compliance; and technology, serving our clients from offices in leading financial centers across US, Europe and APAC. We are expanding our business rapidly across Asia (especially Malaysia). You will work on engaging projects with some of the largest banking and insurance clients in the world, projects that will deliver significant transformation and change. Besides, we have exciting growth plans in APAC and some very interesting new service lines opening. We are building the business, so now is a good time to join because you can join at the start, have an impact and play a role in its future success = promotion opportunities, better bonus opportunities and faster career progression.

Capco is seeking a Cybersecurity Controls Assessor (Hybrid: Digital Services & Cloud Exit) to support independent, regulator-defensible assurance engagements under Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT).

This role is hands‑on and evidence-driven, focusing on the assessment of cybersecurity, digital banking services, fraud controls, and cloud exit / data deletion practices. You will work as part of an independent assurance team, performing detailed control testing and validation to support assurance conclusions provided to senior management and regulators.

• Cybersecurity & Technology Control Assessment
  • Execute hands‑on assessments of cybersecurity and SOC controls, including access management, monitoring, incident response, vulnerability management, and security governance.
    • Perform control design and operating effectiveness testing in line with RMiT expectations and recognised security standards.
• Assess digital banking and digital service controls, with particular focus on customer protection, transaction integrity, and service resilience.
  • Evaluate fraud prevention and detection controls, including transaction monitoring, alerts, and exception handling mechanisms.
  • Identify control gaps and weaknesses that could impact customer trust, financial loss, or regulatory compliance.
• Assess cloud exit, data lifecycle, and secure data deletion controls, ensuring compliance with RMiT cloud and outsourcing requirements.
  • Validate evidence of data deletion, sanitisation, and exit readiness, including contractual, technical, and operational artefacts.
  • Review cloud governance arrangements across IaaS, PaaS, and SaaS environments.
• Evidence, Documentation & Assurance Support
  • Perform detailed evidence review and validation, ensuring conclusions are traceable, defensible, and aligned with assurance standards.
    • Document findings, control assessments, and issues clearly, supporting independent assurance opinions and reporting.
    • Support senior assurance leads in preparing regulatory‑facing reports, responses, and supporting artefacts.

• Proven experience in cybersecurity, digital risk, or technology risk assessment, ideally within financial services.
  Hands‑on experience assessing cyber controls, digital platforms, or cloud environments.
  Strong understanding of fraud risks and transaction controls in digital channels.
  Practical knowledge of cloud data lifecycle management, secure deletion, and exit planning.
  Strong evidence‑based assurance mindset, with attention to detail and traceability.
  Clear, structured documentation and issue articulation skills.
  Experience supporting audit, assurance, or regulator‑facing engagements.

• CISSP or CISM – required
• CSP – strongly preferred
• Cloud provider professional certification (AWS, Azure, or GCP) – preferred

You will join a company that supports and encourages an entrepreneurial outlook and independent thinking. Capco is not about organizational charts and layers – we operate with little hierarchy because we want all employees to feel that Capco is their firm. We warmly value diversity and inclusion and embrace our collective uniqueness –our culture is a strong, fresh, and invigorating difference from our competitors.