What are the responsibilities and job description for the AVP, Data Security position at The Carlyle Group?
Company Profile
The Carlyle Group (NASDAQ: CG) is a global investment firm with $475 billion of assets under management, across 678 investment vehicles as of March 31, 2026. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,500 professionals operating in 28 offices in North America, Europe, the Middle East, Asia and Australia.
Carlyle's purpose is to connect people, ideas, and capital to fuel growth for companies and performance for investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Carlyle AlpInvest - and has deep expertise across industries, markets, and geographies.
At Carlyle, we believe that a wide spectrum of experiences and viewpoints drives performance and success. Our CEO, Harvey Schwartz, has stated that, "To build better businesses and create value for all of our stakeholders, we are focused on assembling leadership teams with the strongest insights from a range of perspectives." Reflecting this view, emphasis is placed on development, retention and inclusion through our internal processes and seven Employee Resource Groups (ERGs). We cultivate a culture where ideas are openly shared and challenged, connecting diverse expertise and perspectives to drive enduring value.
Position Summary
The Associate Vice President of Data Security provides strategic leadership and direction for the enterprise data security program, ensuring the confidentiality, integrity, and availability of sensitive data across the organization. This role leads the design, execution, and continuous improvement of data security initiatives that align with business objectives, regulatory requirements, and evolving threat landscapes.
The AVP of Data Security oversees complex, multi-year security programs and high-impact projects, coordinating cross-functional teams across technology, engineering, legal, compliance, and business units. Through strong program and project management discipline, the role drives measurable risk reduction, ensures timely delivery of security initiatives, and maintains accountability for outcomes.
As a senior leader, this position bridges technical data security capabilities with organizational priorities, translating risk and security requirements into actionable strategies for executive stakeholders. The role is responsible for guiding the adoption and optimization of data security technologies, including data classification, encryption, data loss prevention (DLP), identity and access controls, and monitoring solutions, while establishing governance, metrics, and reporting to assess program effectiveness and maturity.
In-Office Requirement: 4 days per week
Primary Responsibilities
- Lead the strategy, implementation, and optimization of enterprise DLP capabilities to prevent unauthorized disclosure of sensitive data, including PII, PCI, MNPI, and proprietary investment information.
- Oversee content inspection technologies leveraging pattern matching (e.g., SSNs, account numbers), keyword analysis, and checksum validation.
- Guide adoption of AI/ML-based DLP techniques that incorporate user behavior analytics and contextual risk to detect anomalous data activity.
- Ensure coverage for data at rest, in motion, and in use across endpoints, email, cloud collaboration platforms, and SaaS applications.
- Establish and mature DSPM capabilities to continuously discover, classify, and assess risk across enterprise data stores, including cloud platforms, data warehouses, and investment systems.
- Drive risk-based prioritization of data exposures caused by misconfigurations, excessive permissions, and insecure data flows.
- Integrate DSPM insights with DLP, IAM, encryption, and cloud security controls to create a unified data protection posture.
- Define metrics, reporting, and executive dashboards to communicate data risk and posture trends to senior leadership.
Requirements
Education & Certificates
- Bachelor's degree, required
- Master's degree in a related technical field or finance, preferred
- CISSP, CISM, or other vendor-agnostic security certifications
Professional Experience
- Minimum of 6 years of overall relevant technical experience, required
- Microsoft Purview Data Loss Prevention experience required
- Enterprise Data Loss Prevention (DLP) Architecture and Implementation
- Data Security Posture Management (DSPM) and Data Discovery
- Data Protection Technologies and Controls
- Advanced Data Monitoring and Analytics: Familiarity with content inspection techniques (pattern matching, checksum validation, keyword analysis) and AI/ML-driven analytics, including user behavior analytics (UBA/UEBA), to detect anomalous data access and potential exfiltration events.
- Security Program Integration and Metrics Development: Ability to integrate DLP, DSPM, IAM, encryption, and cloud security controls into a cohesive data protection architecture while establishing measurable security metrics, reporting frameworks, and executive dashboards to track program maturity and risk reduction.
Competencies & Attributes
- Strong understanding of Data Loss Prevention (DLP) concepts, including content inspection, pattern matching (PII, PCI, PHI), and policy-based data protection
- Experience with AI/ML-driven data risk detection, leveraging behavioural analytics and contextual analysis to identify anomalous data activity
- Proficiency in data discovery and classification across data at rest, in motion, and in use within cloud, on-premises, and hybrid environments
- Knowledge of Data Security Posture Management (DSPM) capabilities, including continuous data inventory, risk assessment, and exposure prioritization
- Ability to assess and remediate data security risks such as misconfigurations, over-permissioning, and unintended data exposure paths
- Experience defining and enforcing data security policies aligned with organizational risk tolerance and regulatory requirements
- Familiarity with encryption, tokenization, and data masking techniques to protect sensitive information in production and non-production environments
- Strong understanding of identity and access governance, including least-privilege access models and integration with IAM and PAM solutions
- Knowledge of security monitoring and analytics platforms (SIEM, UEBA) for detecting, investigating, and responding to data-related security incidents
- Experience with real-time alerting and automated response workflows to accelerate incident containment and remediation
- Understanding of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI DSS, SOC 2) and mapping data security controls to audit and reporting requirements
- Ability to integrate DLP, DSPM, IAM, and monitoring tools into a cohesive, enterprise-wide data security architecture
- Experience with enterprise implementation of Microsoft Purview Data Loss Prevention
Benefits/Compensation
The compensation range for this role is specific to Washington, DC, and takes into account a wide range of factors including but not limited to the skill sets required/preferred; prior experience and training; licenses and/or certifications.
The anticipated base salary range for this role is $170,000 to $190,000.
In addition to the base salary, the hired professional will enjoy a comprehensive benefits package spanning retirement benefits, health insurance, life insurance and disability, paid time off, paid holidays, family planning benefits and various wellness programs. Additionally, the hired professional may also be eligible to participate in an annual discretionary incentive program, the award of which will be dependent on various factors, including, without limitation, individual and organizational performance.
Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by Carlyle.