
Position Summary

The Carlyle Group seeks an experienced, dynamic, and engaging Deputy CISO to be a senior leader within Carlyle’s Global Technology & Solutions (GTS) Department, and to lead its cyber governance capabilities by driving the strategic planning, development, and execution of enterprise-wide cybersecurity initiatives in a fast-paced, global and innovative business environment. The Deputy CISO possesses exceptional leadership skills, creating credible connections with internal and external stakeholders and cultivating a robust cyber ecosystem. The Deputy CISO reports to the CISO, assuming their role when necessary, and will play a crucial part in driving transformational improvements in cybersecurity processes and capabilities. In tandem with a broad understanding of cyber risk sources, reference frameworks, and mitigation strategies, this role requires the ability to think strategically, act decisively, and prioritize cyber investments to deliver risk outcomes that reduce the likelihood and impact of a cyber incident. Through education, influence, and data, the Deputy CISO embeds cyber risk management into business operations, supporting infrastructures and processes, new product launches, M&A activity, and portfolio cyber advisory.

In this role, you: 

  • Understand the evolving threat landscape and adapt the security governance program to effectively understand, mitigate, and report upon cyber risk in a fluid environment.
  • Support the overarching cybersecurity strategy and own the vision, strategy, and roadmap for security governance activities. Foster transparency by developing, maintaining, and reporting upon the governance program’s key performance indicators/metrics.
  • Maintain strong oversight of vendors, business partners, and other third parties to manage and report upon supply chain cyber risk.
  • Liaise with internal and external auditors and other third parties to execute cyber-related audit and assessment activities. Analyze risk findings and document, recommend, and report upon the mitigation status of identified gaps to firm leadership. 
  • Mentor team members, enhance their influencing and negotiation skills, and promote professional growth.
  • Demonstrate strong understanding of administrative, physical, and technical controls used to govern, identify, protect, detect, respond, and recover from cyber threats and attacks.
  • Collaborate with and influence cross-functional stakeholders to adopt a security mindset, abide by security policies and standards, identify security weaknesses, and proactively manage and report upon cyber risks. Promote a “secure by design” framework across product development lifecycles.
  • Advocate for resources necessary for the cybersecurity team's success through compelling and data-driven business cases; administer cybersecurity program budget in partnership with CISO and domain leads.

Responsibilities

Cyber Governance (90% of time):

  • Collaborate in the creation of the firm’s overall cybersecurity strategy, roadmap, and standards, leading the areas within the cybersecurity governance domain. Ensure alignment with firm strategy, enterprise policies, and regulatory obligations. 
  • Establish, maintain, and report upon cyber key performance indicators that provide visibility into the operation of key elements of Carlyle’s cyber security program and foster responsibility and accountability for overall cyber health across the Carlyle cyber ecosystem.
  • Demonstrate excellent business judgment, engender trust, and educate Carlyle leaders on the “why” behind cyber investments. 
  • Build cyber resilience into strategic firm initiatives, such as new product deployments, M&A playbooks, novel technologies (e.g., AI and GenAI) and cloud adoption.
  • Provide security advisory services that instill a security mindset across Carlyle, helping all users understand their role in the cyber ecosystem.
  • Foster cyber-aware behaviors; inspire the adoption of reasonable security practices; and understand, manage, and report upon cyber risk.
  • Leverage security tools, independent third parties, internal audit, and cyber staff to identify security weaknesses and take actions to reduce Carlyle’s exposure to harm from external and internal threats, including insider risk. 
  • Engage with regulators and investors to understand Carlyle’s cybersecurity program; assist deal teams with cyber diligence upon request.
  • Ensure cyber risks identified in security assessments, audits, and security testing are centrally recorded, reported upon quarterly, and tracked through closure. Administer the cyber risk acceptance process.
  • Influence the adoption of secure design patterns, embed security-related value streams into the firm’s agile development lifecycle, and align new and existing technology deployments with evolving GTS-security standards.
  • Deploy new security technologies and enhancements to existing security technologies and processes to strengthen firmwide cyber resilience.
  • Listen to stakeholders; attract, develop, and retain cyber talent; and partner with cross-functional areas to protect the firm from brand, financial, legal & regulatory and operational harm resulting from a cyber breach.
  • Demonstrate exemplary team building skills with a focus on recruitment, retention, career development, and succession planning. Inspire and motivate team members to identify and achieve bold cyber goals.

Administrative (10% of time):

  • Administer GTS-Security budget and oversee quarterly budget planning and forecasting.
  • Leverage agile principles to gain efficiency in cyber security program execution and to deliver on value streams within budget and consistent with rolling 12-month roadmap.
  • Support the firm’s disaster recovery and business continuity capabilities.

Qualifications

Education & Certificates

  • Bachelor’s degree, required
  • Degree in Information Systems, Computer Science or related technical discipline, preferred
  • Graduate level degree, preferred
  • Security certifications: CISSP, CISA or CISM, required.

Professional Experience

  • 15+ years of information systems, compliance, regulatory, financial services operation, or related experience, required.
  • Prior CISO or Deputy CISO experience preferred. 
  • Prior experience working in federated, regulated, and financial services environments, preferred.
  • Strong history of managing and developing high performing teams, and retaining and attracting top cyber talent, preferred. 
  • Possess excellent interpersonal, relationship building and influencing skills; has demonstrated success in influencing key corporate decision makers and business partners to build positive working relationships and in gaining support for the cybersecurity strategy and initiatives. 
  • Uses excellent written/verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members (or equivalent).
  • Successful track record as a change agent, setting priorities and delivering cyber outcomes across diverse and dynamic environments. Strong ability to assess the current and future value of a wide spectrum of cyber technologies and to make informed recommendations regarding the introduction of new business enabling technology solutions. Demonstrates prudent financial management in the delivery of key results.
  • Deep understanding of cybersecurity program planning and sequencing, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management. Experience in the development, implementation, and monitoring of supporting processes.
  • Strong technical foundation, including security architecture, vulnerability management, threat modeling, assessment and testing, and secure software development.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST. Experienced in general cybersecurity regulatory and compliance requirements (e.g., SOX, SOC2, HITRUST, FedRAMP, DFARS, CMMC).

Competencies & Attributes

  • Strong communication, leadership, and interpersonal skills.
  • Strategic problem solving and decision-making abilities; adept at working under pressure.
  • Innovative thinking and leadership with a keen ability to influence and motivate cross-functional, interdisciplinary teams.
  • Clear understanding of the evolution of the cybersecurity function and strong relationships with the vendor and security community.
  • Ability to anticipate technological developments and develop or enhance existing capabilities, policies and procedures to protect the best interest of the organization.
  • Extensive ability to analyze and interpret the threat landscape for business impact to the firm or its investments and to develop appropriate and pragmatic approaches to manage associated risk.
  • Advanced knowledge of essential cyber practices, such as endpoint protection, vulnerability and patch management, access controls and incident response.
  • Impeccable integrity and exceptional business judgment, relationship building acumen, and a keen ability to communicate the “why” behind cyber investments to diverse constituencies.

Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by The Carlyle Group. 

Company Information

The Carlyle Group (NASDAQ: CG) is a global investment firm with $382 billion of assets under management and more than half of the AUM managed by women, across 600 investment vehicles as of September 30, 2023. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,200 professionals operating in 28 offices in North America, South America, Europe, the Middle East, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Investment Solutions - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation.

At Carlyle, we know that diverse teams perform better, so we seek to create a community where we continually exchange insights, embrace different perspectives and leverage diversity as a competitive advantage. That is why we are committed to growing and cultivating teams that include people with a variety of perspectives, people who provide unique lenses through which to view potential deals, support and run our business.

Confirmed 9 hours ago. Posted 30+ days ago.
