Senior Consultant- Digital Risks

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Control Risks

Control Risks is the specialist global risk consultancy that helps organisations succeed in a volatile world. Find out more.

View all jobs at Control Risks

Apply now Apply later

We are seeking a highly skilled and motivated Senior Consultant- Cyber Assurance to join our growing cybersecurity assurance team. In this role, you will lead and deliver high-impact cyber risk and assurance engagements, helping clients navigate regulatory requirements, manage information security risks, and enhance their cybersecurity posture.

You will play a key role in project delivery, client engagement, and mentoring junior staff, while also contributing to the development of new service offerings and best practices.

Tasks and responsibilities:

The Senior Consultant will take responsibility for individual and client-facing outputs in the following areas:

Delivering digital risk and cyber security engagements

• Lead and manage cyber assurance projects including IT audits, risk assessments, ISO 27001 readiness, SOC 2, NIST, PCI-DSS, and other compliance frameworks.

• Design, assess, and implement cybersecurity controls in line with regulatory requirements and industry best practices.

• Perform cybersecurity maturity assessments and develop tailored improvement roadmaps.

• Guide clients through internal and external audit processes, including preparation, audits, testing, and remediation planning.

• Identify control gaps and recommend practical, risk-based solutions aligned with business objectives.

• Produce high-quality deliverables, such as risk reports, gap assessments, audit reports, and executive summaries.

• Build strong client relationships, acting as a trusted advisor on cybersecurity and risk issues.

• Support business development efforts, including proposals, presentations, and thought leadership.

• Mentor and supervise junior consultants, promoting a culture of knowledge sharing and continuous learning.

Business development & practice growth

• Identify opportunities for additional services during engagements and contribute to proposal writing and client presentations.

• Assist in developing new service offerings, market insights, and go-to-market strategies for the cyber assurance practice.

• Participate in industry events, webinars, or networking opportunities to represent the firm’s cyber capabilities.

Requirements

Required Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).

• 5+ years of experience in cybersecurity, risk management, or IT auditing

• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.

• Hands-on experience with tools and platforms used for cyber risk assessments, vulnerability scanning, and audit processes

• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.

• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.

• A deep understanding of governance, standards, and compliance as they pertain to cyber security.

• Ability to analyze complex security data and translate findings into industry specific recommendations.

Desired Skills:

• Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor or other relevant security or risk management certifications.

• Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.

• Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.

• Strong communication skills, both written and verbal, with the ability to present complex technical information to non-technical audiences.

• Knowledge of cloud security, supply chain security, secure software development, encryption standards, security tools, and emerging threats related to third-party relationships.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: Audits CCNP CISA CISM CISSP Cloud Compliance CRISC Encryption GDPR Governance HIPAA HITRUST Incident response ISO 27001 Network security NIST Risk assessment Risk management SOC SOC 2 Vulnerability management

Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: Malaysia

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.