Security Architect Lead, Security Assurance
The Carlyle Group
Position Summary
Responsibilities
- Design and maintain the enterprise Security Architecture Framework aligned with SABSA, TOGAF, and NIST CSF
- Establish enterprise application security architecture standards, baselines, and reusable reference models
- Develop secure design patterns for web, mobile, API, microservices, SaaS, cloud-native, and AI-enabled architectures
- Architect solutions for authentication, authorization, encryption, secure communications, and data protection
- Design and implement API security strategies including identity flows, gateway controls, throttling, and rate limiting
- Embed Zero Trust and least-privilege principles across enterprise ecosystems
- Establish cloud-native, container, serverless, Infrastructure-as-Code, and AI workload security guardrails
- Architect secure data handling practices, including encryption at rest and in transit
- Provide security architecture guidance for AI/ML and GenAI-integrated applications, ensuring secure model access, data boundary enforcement, and integration with enterprise identity and logging controls
- Assess architectural risks associated with AI-enabled systems, including third-party model integrations, API-based model consumption, and sensitive data exposure
- Lead security design reviews for new applications, AI-enabled solutions, and major system changes
- Assess SaaS platforms, third-party integrations, API-driven services, and AI service providers for architectural risk
- Develop and maintain security architecture roadmaps aligned with enterprise strategy
- Develop and mature enterprise threat modeling practices
- Facilitate threat modeling workshops with development and architecture teams
- Perform architecture risk assessments and recommend compensating controls
- Integrate architecture review outputs into enterprise risk management and governance processes
- Lead or support the Security Architecture Review Board (SARB)
- Develop and deliver security architecture guidance and training for developers and solution architects
- Mentor engineering and architecture teams to elevate secure design maturity
- Maintain documentation of architectural standards, decisions, and reference implementations
- Stay current on emerging threats, technologies, regulatory expectations, and industry best practices
- Lead cross-functional security initiatives with enterprise-wide impact
- Embed security architecture principles into CI/CD pipelines to support enterprise DevSecOps initiatives
- Define secure coding standards and risk-based security requirements based on application type and data sensitivity
- Establish automated architecture validation and compliance guardrails within build pipelines
- Evaluate, select, and recommend application security tools and technologies (SAST, DAST, IAST, SCA, container security, secrets scanning)
- Define build-blocking (“break-build”) security criteria aligned with enterprise risk tolerance
- Partner with engineering teams to integrate security controls seamlessly into development workflows
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related technical field, required
- Relevant certifications such as CISSP, CISSP-ISSAP, CSSLP, SABSA, TOGAF, CCSP, or cloud security certifications (AWS) preferred
- 8+ years of experience in information security or related technical roles
- 5+ years in a Security Architecture or design-focused leadership role
- 3+ years of experience in Application Security
- Deep understanding of secure design principles, threat modeling methodologies, and architecture patterns
- Experience designing security controls for AWS, Azure, or GCP environments
- Experience securing APIs and microservices architectures
- Strong knowledge of OWASP Top 10, CWE/SANS, and secure software development practices
- Experience implementing DevSecOps practices within CI/CD environments
- Hands-on experience evaluating and implementing application security tools (SAST, DAST, IAST, SCA)
- Strong understanding of cryptographic protocols and secure implementation practices
- Experience supporting modern architectures including SPAs, distributed systems, containerized, serverless, and AI-integrated applications
- Experience assessing architectural risks in SaaS and third-party service integrations
- Excellent communication skills with the ability to translate complex technical risks into business impact
- Strong enterprise and application architecture design capability
- Ability to balance security rigor with business enablement
- Executive presence with strong influence and stakeholder management skills
- Strategic mindset with pragmatic execution discipline
- Strong documentation and governance orientation
- Analytical, risk-based decision-making approach
- High integrity and accountability
- Collaborative leadership style
Company Information
The Carlyle Group (NASDAQ: CG) is a global investment firm with $477 billion of assets under management and more than half of the AUM managed by women, across 678 investment vehicles as of December 31, 2025. Founded in 1987 in Washington, DC, Carlyle has grown into one of the world's largest and most successful investment firms, with more than 2,500 professionals operating in 27 offices in North America, Europe, the Middle East, Asia and Australia. Carlyle places an emphasis on development, retention and inclusion as supported by our internal processes and seven Employee Resource Groups (ERGs). Carlyle's purpose is to invest wisely and create value on behalf of its investors, which range from public and private pension funds to wealthy individuals and families to sovereign wealth funds, unions and corporations. Carlyle invests across three segments - Global Private Equity, Global Credit and Carlyle AlpInvest - and has expertise in various industries, including: aerospace, defense & government services, consumer & retail, energy, financial services, healthcare, industrial, real estate, technology & business services, telecommunications & media and transportation.
At Carlyle, we believe that a wide spectrum of experiences and viewpoints drives performance and success. Our CEO, Harvey Schwartz, has stated that, "To build better businesses and create value for all of our stakeholders, we are focused on assembling leadership teams with the strongest insights from a range of perspectives." We strive to foster an environment where ideas are openly shared and valued. By bringing together teams with varied expertise and approaches, we enjoy a competitive advantage and create a stronger foundation for long-term success.