carlyle
The Carlyle Group seeks a strong Security Risk and Data Manager who will:
Support the organization’s security and risk management strategy across new and existing business capabilities.
Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risks.
Leverage security data platforms and tools to extract, transform, and visualize security metrics, risk trends, and operational performance.
Correlate data from multiple sources such as vulnerability management systems, SIEM logs, and vendor risk platforms to identify patterns, anomalies, and emerging threats.
Develop automated data pipelines to streamline risk and compliance reporting, ensuring accuracy, timeliness, and repeatability of metrics.
Perform quantitative and qualitative analysis of security incidents, audit findings, and vulnerability data to identify systemic issues and drive root-cause remediation.
Maintain a security data taxonomy to ensure consistent use of data definitions, fields, and KPIs across reporting functions.
Partner with security engineering and operations teams to improve data quality, completeness, and integration between security governance tools and analytics platforms.
The Manager, Cyber Security Risk and Data, will play a pivotal role in driving Carlyle’s security and risk management strategy, blending governance expertise with data analytics capabilities and skills. This position will partner with the Enterprise Security Governance Lead on initiatives covering governance, compliance, third-party oversight, and vulnerability management, and will manage data from multiple security platforms to identify trends, emerging risks, and opportunities for measurable improvement. The role requires a strong ability to translate complex security data into clear, actionable metrics.
Responsibilities
60% of time: Serve as the lead role in the following security programs: Cyber Third-Party Risk Management and Data Analytics related to Carlyle’s Enterprise Security Program
20% of time: Work directly with security team members to provide assistance in projects and investigations that require analysis of business risks
10% of time: Develop planning, reporting, efficiencies, and improvements to security governance programs, risks, and security initiatives
10% of time: Perform other duties as assigned
Qualifications
Education & Certificates
Concentration in computer science, information assurance, MIS or related field, preferred
CRISC, CISM, CISA, or CISSP, preferred
Professional Experience
Minimum 5+ years of overall relevant technical experience, required
At least 5+ years’ experience in cybersecurity as a practitioner, preferred
At least 2+ years’ exposure to various security frameworks, preferred
Proven experience applying data analytics to assess, monitor, and improve security and risk management programs.
Strong understanding of data visualization techniques and tools (e.g., Tableau, Power BI, Qlik, or similar) to present security and risk metrics to technical and executive audiences.
Experience developing, tracking, and reporting on key performance indicators (KPIs), key risk indicators (KRIs), and trend analyses for governance programs.
Ability to collect, normalize, and analyze large datasets from multiple sources (e.g., security systems, compliance tools, operational systems) to identify patterns, anomalies, and emerging risks.
Experience building automated dashboards and reports to support security governance, audit readiness, and executive decision-making.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines
Ability to identify approaches, risks, and mitigation strategies to meet client/functional requirements
Consulting or audit background preferred
Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure
Exposure to Software Development Lifecycle (SDLC), Agile Foundations, Building Security In Maturity Model (BSIMM), and application security threats (OWASP Top Ten)
Understands cyber risk analysis, attack and threat tree generation, and mitigations for common risks
Some experience with multiple security roles such as security analyst, security engineer, security projects, risk assessments, and security operations
Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
The compensation range for this role is specific to Washington, DC and takes into account a wide range of factors including but not limited to the skill sets required/preferred; prior experience and training; licenses and/or certifications. The anticipated base salary range for this role is $155,000 to $175,000. In addition to the base salary, the hired professional will enjoy a comprehensive benefits package spanning retirement benefits, health insurance, life insurance and disability, paid time off, paid holidays, family planning benefits and various wellness programs. Additionally, the hired professional may also be eligible to participate in an annual discretionary incentive program, the award of which will be dependent on various factors, including, without limitation, individual and organizational performance.
Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by Carlyle.
Company Information
The Carlyle Group (NASDAQ: CG) is a global investment firm with $465 billion of assets under management and more than half of the AUM managed by women, across 652 investment vehicles as of June 30, 2025. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,300 professionals operating in 27 offices in North America, Europe, the Middle East, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Carlyle AlpInvest - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation. At Carlyle, we believe that a wide spectrum of experiences and viewpoints drives performance and success. Our CEO, Harvey Schwartz, has stated that, "To build better businesses and create value for all of our stakeholders, we are focused on assembling leadership teams with the strongest insights from a range of perspectives." We strive to foster an environment where ideas are openly shared and valued. By bringing together teams with varied expertise and approaches, we enjoy a competitive advantage and create a stronger foundation for long-term success.