The Carlyle Group seeks an experienced, dynamic, and engaging Security Governance Lead to oversee multiple programs supporting our cyber risk management capabilities and culture of shared cyber responsibility. In tandem with a broad understanding of cyber risk sources, reference frameworks, and mitigation strategies, this role requires strong listening, communication, and organizational skills to foster meaningful engagement across varied stakeholders in a fast-paced, global, and innovative business environment. In this role, you:
- Understand the evolving threat landscape and adapt the security governance program to effectively understand, mitigate, and report upon cyber risk in a fluid environment.
- Support the overarching security strategy and own the vision, strategy, and roadmap for security governance activities. Foster transparency by developing, maintaining, and reporting upon the governance program’s key performance indicators/metrics.
- Modernize and administer the security awareness program, leveraging various forms of media to bolster cyber fluency and acumen across the firm
- Maintain strong oversight of vendors, business partners, and other third parties to manage and report upon supply chain cyber risk
- Liaise with internal and external auditors and other third parties to execute cyber-related audit and assessment activities. Analyze risk findings and document, recommend, and report upon the mitigation status of identified gaps to firm leadership. Support investor diligence.
- Have a strong understanding of administrative, physical, and technical controls used to identify, protect, detect, respond, and recover from cyber threats and attacks.
- Collaborate with and influence cross-functional stakeholders to adopt a security mindset, abide security policies and standards, identify security weaknesses, and proactively manage and report upon cyber risks.
Responsibilities
Primary Responsibilities:
50% of time
- Serve as the lead role in the following security programs: Risk Tracker, Security Awareness, investor diligence, and coordinating internal and external assessments.
20% of time - Develop planning, reporting, efficiencies, and improvements to all security programs, risks, and security initiatives
20% of time - Work directly with security, IT, and business unit team members to aid in projects and investigations that require analysis of business risks
10% of time - Perform other duties as assigned
Qualifications
Education & Certificates
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience
- Security certifications: CISSP, CISA or CISM, preferred.
Professional Experience - At least 8+ years’ experience in cybersecurity as a practitioner and with at least 3 to 4+ years exposure with various security frameworks.
- Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
- Demonstrates highly effective communications skills with the ability to influence business units.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Is highly organized and efficient and leverages strategic and tactical thinking.
- Ability to identify approaches, risks, mitigation strategies to meet client/functional requirements
- Ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach and develop the team.
- Preferred consulting background
- Record of accomplishment, acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
- Create innovative security awareness campaigns using solution provider and custom-developed tools designed to be flexible and adaptable across a diverse employee population (executives, engineering, investor relations, finance, other teams).
- Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to accommodate different employee comprehension capabilities.
- Build relationships with technical and compliance teams to deliver security-by-design controls that are incorporated into projects, architecture, infrastructure, and applications.
The compensation range for this role is specific to Washington, DC, and takes into account a wide range of factors including but not limited to the skill sets required/preferred; prior experience and training; licenses and/or certifications.
The anticipated base salary range for this role is $170,000 - $190,000.
In addition to the base salary, the hired professional will enjoy a comprehensive benefits package spanning retirement benefits, health insurance, life insurance and disability, paid time off, paid holidays, family planning benefits and various wellness programs. Additionally, the hired professional may also be eligible to participate in an annual discretionary incentive program, the award of which will be dependent on various factors, including, without limitation, individual and organizational performance.
Company Information
The Carlyle Group (NASDAQ: CG) is a global investment firm with $425 billion of assets under management and more than half of the AUM managed by women, across 595 investment vehicles as of March 31, 2024. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,200 professionals operating in 28 offices in North America, Europe, the Middle East, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Investment Solutions - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation.
At Carlyle, we know that diverse teams perform better, so we seek to create a community where we continually exchange insights, embrace different perspectives and leverage diversity as a competitive advantage. That is why we are committed to growing and cultivating teams that include people with a variety of perspectives, people who provide unique lenses through which to view potential deals, support and run our business.
#J-18808-Ljbffr