The Carlyle Group
Manager, Cyber Security Risk and Data
The Carlyle Group, Washington, District of Columbia, US, 20022
Overview
The Carlyle Group (NASDAQ: CG) is a global investment firm with $465 billion of assets under management and more than half of the AUM managed by women, across 652 investment vehicles as of June 30, 2025. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,300 professionals operating in 27 offices in North America, Europe, the Middle East, Asia and Australia. Carlyle invests across three segments - Global Private Equity, Global Credit and Carlyle AlpInvest - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations.
At Carlyle, we believe that a wide spectrum of experiences and viewpoints drives performance and success. Our CEO, Harvey Schwartz, has stated that, "To build better businesses and create value for all of our stakeholders, we are focused on assembling leadership teams with the strongest insights from a range of perspectives." We strive to foster an environment where ideas are openly shared and valued. By bringing together teams with varied expertise and approaches, we enjoy a competitive advantage and create a stronger foundation for long-term success.
Position Summary
The Carlyle Group seeks a strong Security Risk and Data Manager who will:
Support the organization’s security and risk management strategy across new and existing business capabilities.
Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risks.
Leverage security data platforms and tools to extract, transform, and visualize security metrics, risk trends, and operational performance.
Correlate data from multiple sources such as vulnerability management systems, SIEM logs, and vendor risk platforms to identify patterns, anomalies, and emerging threats.
Develop automated data pipelines to streamline risk and compliance reporting, ensuring accuracy, timeliness, and repeatability of metrics.
Perform quantitative and qualitative analysis of security incidents, audit findings, and vulnerability data to identify systemic issues and drive root-cause remediation.
Maintain a security data taxonomy to ensure consistent use of data definitions, fields, and KPIs across reporting functions.
Partner with security engineering and operations teams to improve data quality, completeness, and integration between security governance tools and analytics platforms
Primary Responsibilities
60% of time
Serve as the lead role in the following security programs: Cyber Third-Party Risk Management and Data Analytics related to Carlyle's Enterprise Security Program
20% of time
Work directly with security team members to provide assistance in projects and investigations that require analysis of business risks
10% of time
Develop planning, reporting, efficiencies, and improvements to security governance programs, risks, and security initiatives
10% of time
Perform other duties as assigned
Requirements
Education & Certificates
Concentration in computer science, information assurance, MIS or related field, preferred
CRISC, CISM, CISA, or CISSP, preferred
Professional Experience
Minimum 5+ years of overall relevant technical experience, required
At least 5+ years’ experience in cybersecurity as a practitioner, preferred
At least 2+ years’ exposure to various security frameworks, preferred
Proven experience applying data analytics to assess, monitor, and improve security and risk management programs.
Strong understanding of data visualization techniques and tools (e.g., Tableau, Power BI, Qlik, or similar) to present security and risk metrics to technical and executive audiences.
Experience developing, tracking, and reporting on key performance indicators (KPIs), key risk indicators (KRIs), and trend analyses for governance programs.
Ability to collect, normalize, and analyze large datasets from multiple sources (e.g., security systems, compliance tools, operational systems) to identify patterns, anomalies, and emerging risks.
Experience building automated dashboards and reports to support security governance, audit readiness, and executive decision-making.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines
Ability to identify approaches, risks, and mitigation strategies to meet client/functional requirements
Consulting or audit background preferred
Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure
Exposure to Software Development Lifecycle (SDLC), Agile Foundations, Building Security in Maturity Model (BSIMM), and application security threats (OWASP Top Ten)
Understands cyber risk analysis, attack and threat tree generation, and mitigations for common risks
Some experience with multiple security roles such as security analyst, security engineer, security projects, risk assessments, and security operations
Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
The compensation range for this role is specific to Washington, DC and takes into account a wide range of factors including but not limited to the skill sets required/preferred; prior experience and training; licenses and/or certifications.
The anticipated base salary range for this role is $155,000 to $175,000.
In addition to the base salary, the hired professional will enjoy a comprehensive benefits package spanning retirement benefits, health insurance, life insurance and disability, paid time off, paid holidays, family planning benefits and various wellness programs. Additionally, the hired professional may also be eligible to participate in an annual discretionary incentive program, the award of which will be dependent on various factors, including, without limitation, individual and organizational performance.
Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by Carlyle.