Vice President, Product Security
Carlyle Investment Management, LLC

Position Summary

The Vice President, Product Security is a "hands on" leader within Carlyle's Global Technology & Solutions (GTS) Department responsible for maturing our product security capability and engaging with cross-functional stakeholders to ensure the safe operation of business systems. This leader will develop and implement a comprehensive product security strategy, directing efforts across traditional software developments, SaaS customizations and AI/ML-powered products and services. Key to success is cultivating a "secure by design" mindset that fuels innovation and our growth strategy.

The VP, Product Security, is also responsible for overseeing Carlyle's vulnerability management program and conducting security risk assessments, including penetration tests, of new and existing products, applications, networks, and infrastructures to ensure alignment with enterprise security policies, security standards, and industry leading security practices. Through these activities, data provides a view into the adequacy of security protections, maturity of the firm's security culture and overall cyber health. By fostering an environment of transparency and accountability, the VP, Product Security educates and inspires business owners and technologists to make pragmatic, risk-informed decisions.

Responsibilities

Product Security Program ("Program") Leadership

• Develop, champion, and implement a comprehensive product security vision, strategy and roadmap encompassing diverse system development life cycles, ranging from traditional software developments and SaaS customizations to AI-powered products and services. Ensure security best practices are integrated throughout product lifecycles.
• Maintain rolling 12-month program roadmap and provide comprehensive security updates to the CISO. Measure performance and impact using a defined set of objective key results (OKRs) and performance metrics for the product security domain.
• Demonstrate exemplary team building skills with a focus on recruitment, retention, and performance planning. Inspire and motivate team members to identify and achieve bold cyber goals.

Research and Innovation

• Lead research initiatives to explore new security technologies and methodologies, including leveraging existing investments in AI/GenAI to strengthen the security program.
• Take an adversary perspective on how novel technologies can be misused and identify design patterns that enable their safe use.
• Stay abreast of emerging technologies and cybersecurity threats, proposing and incorporating innovative security solutions into the firm's security architecture.
• Establish and maintain relationships with external security experts, vendors, and partners to leverage their expertise and stay abreast of the evolving threat landscape.

Risk Management and Governance

• Influence and participate in governance structures supporting responsible AI, secure application development, and vulnerability management.
• Champion the adoption of secure design patterns, embed security-related value streams into the firm's agile development lifecycle, and align new and existing technology deployments with evolving GTS-security standards.
• Conduct penetration tests and security risk assessments of new and existing products, applications, networks, and infrastructures, identifying potential security vulnerabilities and proposing mitigation strategies.
• Embed security into Carlyle's DNA, ensuring business owners and technologists understand, document and formally accept cyber risks associated with design and operational decisions.

Collaboration and Communication

• Work closely with product development, engineering, and data science teams to reduce friction in software development pipelines while embedding security into the design and development of products and applications.
• Provide differentiated and compelling presentations about the goals and impact of key initiatives to cross functional stakeholders.

Administrative

• Administer the Program's budget and participate in quarterly budget planning and forecasting sessions.
• Advocate for Program resources to by creating compelling and data-driven business cases.
• Leverage agile principles to deliver on value streams within budget and consistent with rolling 12-month roadmap.

Qualifications

Education & Certificates

• Bachelor's degree, required
• Degree in Information Systems, Computer Science or related technical discipline, preferred
• Graduate level degree, preferred
• Security certifications: CISSP, CISA or CISM (or related) required.

Professional Experience

• 10+ years' experience leading product security initiatives and working with software development teams to deliver secure enterprise solutions in a hybrid cloud and SaaS environment, required.
• 5+ years working with AI/ML product development processes including an understanding of the model development lifecycle with a lens towards building and scaling AI technologies in a responsible and well managed manner, required.
• Strong project management skills, with the ability to prioritize tasks, manage multiple projects simultaneously, and meet deadlines. Demonstrates prudent financial management in the delivery of key results, required.
• In-depth knowledge of security frameworks, standards, and best practices, such as ISO 27001, NIST Cybersecurity Framework, NIST AI Risk Management Framework, OWASP, and secure software development practices (e.g., SDL, DevSecOps).
• Experience in leading and developing a high-performance security teams, including hiring, performance management, and professional development.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders at all levels of the organization.
• Extensive ability to analyze the threat landscape, assess cyber health and develop appropriate and pragmatic approaches to manage risk.
• Impeccable integrity, exceptional business judgment, and strong relationships with the vendor and security community.

Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by The Carlyle Group.

Company Information

The Carlyle Group (NASDAQ: CG) is a global investment firm with $426 billion of assets under management and more than half of the AUM managed by women, across 586 investment vehicles as of December 31, 2023. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,200 professionals operating in 28 offices in North America, Europe, the Middle East, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Investment Solutions - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation.

At Carlyle, we know that diverse teams perform better, so we seek to create a community where we continually exchange insights, embrace different perspectives and leverage diversity as a competitive advantage. That is why we are committed to growing and cultivating teams that include people with a variety of perspectives, people who provide unique lenses through which to view potential deals, support and run our business.

---