Senior Consultant- Digital Risks
Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
Control Risks
Control Risks is the specialist global risk consultancy that helps organisations succeed in a volatile world. Find out more.We are seeking a highly skilled and motivated Senior Consultant- Cyber Assurance to join our growing cybersecurity assurance team. In this role, you will lead and deliver high-impact cyber risk and assurance engagements, helping clients navigate regulatory requirements, manage information security risks, and enhance their cybersecurity posture.
You will play a key role in project delivery, client engagement, and mentoring junior staff, while also contributing to the development of new service offerings and best practices.
Tasks and responsibilities:
The Senior Consultant will take responsibility for individual and client-facing outputs in the following areas:
Delivering digital risk and cyber security engagements
• Lead and manage cyber assurance projects including IT audits, risk assessments, ISO 27001 readiness, SOC 2, NIST, PCI-DSS, and other compliance frameworks.
• Design, assess, and implement cybersecurity controls in line with regulatory requirements and industry best practices.
• Perform cybersecurity maturity assessments and develop tailored improvement roadmaps.
• Guide clients through internal and external audit processes, including preparation, audits, testing, and remediation planning.
• Identify control gaps and recommend practical, risk-based solutions aligned with business objectives.
• Produce high-quality deliverables, such as risk reports, gap assessments, audit reports, and executive summaries.
• Build strong client relationships, acting as a trusted advisor on cybersecurity and risk issues.
• Support business development efforts, including proposals, presentations, and thought leadership.
• Mentor and supervise junior consultants, promoting a culture of knowledge sharing and continuous learning.
Business development & practice growth
• Identify opportunities for additional services during engagements and contribute to proposal writing and client presentations.
• Assist in developing new service offerings, market insights, and go-to-market strategies for the cyber assurance practice.
• Participate in industry events, webinars, or networking opportunities to represent the firm’s cyber capabilities.
Requirements
Required Qualifications:
• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).
• 5+ years of experience in cybersecurity, risk management, or IT auditing
• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.
• Hands-on experience with tools and platforms used for cyber risk assessments, vulnerability scanning, and audit processes
• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.
• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.
• A deep understanding of governance, standards, and compliance as they pertain to cyber security.
• Ability to analyze complex security data and translate findings into industry specific recommendations.
Desired Skills:
• Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor or other relevant security or risk management certifications.
• Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.
• Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.
• Strong communication skills, both written and verbal, with the ability to present complex technical information to non-technical audiences.
• Knowledge of cloud security, supply chain security, secure software development, encryption standards, security tools, and emerging threats related to third-party relationships.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CCNP CISA CISM CISSP Cloud Compliance CRISC Encryption GDPR Governance HIPAA HITRUST Incident response ISO 27001 Network security NIST Risk assessment Risk management SOC SOC 2 Vulnerability management
Perks/benefits: Career development Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.