The VP, Crisis & Incident Management Lead is responsible for the strategic leadership and operational execution of the Bank’s crisis and incident management program across the Americas. As part of the Operational Resilience team, this individual will ensure that the bank can effectively prepare for, respond to, and recover from a broad range of disruption scenarios, including:

• Technology and cyber incidents
• Third-party or supply chain failures
• Natural disasters (e.g., hurricanes, earthquakes, wildfires)
• Manmade disruptions (e.g., civil unrest, mass transit outages, workplace violence)
• Geopolitical events (e.g., war, political instability, sanctions-triggered disruptions)
• Pandemic or public health crises
• Infrastructure outages (e.g., power, telecommunications, water supply)

The role will build a resilient culture through a proactive, risk-informed approach that integrates cross-functional crisis response, regulatory compliance, real-time command and control, and continuous improvement. The VP will serve as a senior escalation point for major incidents, lead the regional crisis response for significant incidents, and escalate where needed to the firmwide crisis governance forums.

The role reports directly to the Head of Resilience Management for the Americas and works closely with stakeholders across Technology, Risk, Cybersecurity, Legal, Communications, and Regulatory Affairs to embed a culture of resilience and readiness.

Key Responsibilities

Strategic Leadership

• Develop and lead a crisis and incident management strategy aligned to the bank’s operational resilience framework and key business services.
• Translate regulatory expectations (e.g., FFIEC, DORA, OCC, PRA) into actionable, risk-informed response strategies.
• Establish and manage governance forums and escalation protocols for crisis and incident oversight.
• Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders.

Incident Response and Crisis Management

• Act as the lead coordinator during regional crises, ensuring structured, timely, and effective command, control, and communications.
• Maintain and continuously improve incident response plans, escalation playbooks, crisis decision trees, and communication protocols.
• Ensure that major incidents - including those involving third parties and cyber events - are managed in line with regulatory requirements.
• Integrate internal communications tools and channels into a unified communications strategy.
• Maintain and operate an auditable major incident log, with clear decision documentation, timelines, and actions taken.

Process and Technology Optimization

• Drive optimization of incident response processes using data analytics, metrics and automation opportunities.
• Ensure response tooling (e.g., incident management platforms, emergency notifications) is current, well-trained on, and continuously improved.
• Partner with Cyber, Technology, and Ops teams to align response processes and eliminate gaps in cross-domain coordination.

Regulatory Compliance and Audit Readiness

• Ensure full compliance with FFIEC, DORA, OCC, PRA
• Lead regulatory and internal/external audit preparation, ensuring crisis and incident management capabilities are evidenced through documentation, logs, post-incident reviews, and impact tolerance testing results.
• Integrate third-party and cyber risk response coordination into incident response playbooks, ensuring vendor engagement and joint response capabilities are embedded and tested.
• Conduct formal Root Cause Analysis (RCA) and post-incident reviews, identifying systemic issues and implementing corrective actions.

Bachelor’s degree in Risk Management, Information Technology, Business Continuity, or a related field.

• Minimum 10+ years of experience in crisis/incident management, operational resilience, or business continuity.
• Experience leading cross-border incident response and regulatory engagement

• Incident Management: Ability to analyze, prioritize, and manage incidents effectively. Cross-functional command and coordination.
• Strategic Thinking: Ability to align crisis and incident management initiatives with business objectives and regulatory requirements.
• Communication and Documentation: Ensure thorough documentation and clear communications over crisis and incident management activities. 
• Leadership and Team Management: Proven track record of building and leading high performing teams.
• Regulatory Compliance: Expertise in navigating banking regulations and audit readiness
• Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks. 
• Verbal and written communication skills in English and French required (You will need to service Anglophone clients and work with Anglophone colleagues)

• Technical Knowledge: Strong knowledge with incident management technologies such as notification tools, risk intelligence and analysis, etc.
• Incident Management Frameworks: Deep understanding of frameworks such as NIST, FFIEC, DORA, PRA, OCC, etc.