Summary

The VP, Crisis & Incident Management Lead is responsible for the strategic leadership and operational execution of the Bank’s crisis and incident management program across the Americas. As part of the Operational Resilience team, this individual will ensure that the bank can effectively prepare for, respond to, and recover from a broad range of disruption scenarios, including:

• Technology and cyber incidents
• Third-party or supply chain failures
• Natural disasters (e.g., hurricanes, earthquakes, wildfires)
• Manmade disruptions (e.g., civil unrest, mass transit outages, workplace violence)
• Geopolitical events (e.g., war, political instability, sanctions-triggered disruptions)
• Pandemic or public health crises
• Infrastructure outages (e.g., power, telecommunications, water supply)

The role will build a resilient culture through a proactive, risk-informed approach that integrates cross-functional crisis response, regulatory compliance, real-time command and control, and continuous improvement. The VP will serve as a senior escalation point for major incidents, lead the regional crisis response for significant incidents, and escalate where needed to the firmwide crisis governance forums.

The role reports directly to the Head of Resilience Management for the Americas and works closely with stakeholders across Technology, Risk, Cybersecurity, Legal, Communications, and Regulatory Affairs to embed a culture of resilience and readiness.

Salary Range: $150k-$180k

Key Responsibilities

• Strategic Leadership
  
  • Develop and lead a crisis and incident management strategy aligned to the bank’s operational resilience framework and key business services.
  • Translate regulatory expectations (e.g., FFIEC, DORA, OCC, PRA) into actionable, risk-informed response strategies.
    Establish and manage governance forums and escalation protocols for crisis and incident oversight.
    o    Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders.
• Incident Response and Crisis Management 
  • Act as the lead coordinator during regional crises, ensuring structured, timely, and effective command, control, and communications.
  • Maintain and continuously improve incident response plans, escalation playbooks, crisis decision trees, and communication protocols.
  • Ensure that major incidents—including those involving third parties and cyber events—are managed in line with regulatory requirements.
  • Integrate internal communications tools and channels into a unified communications strategy.
  • Maintain and operate an auditable major incident log, with clear decision documentation, timelines, and actions taken.

#LI-DNI

Key Responsibilities (Cont)

• Process and Technology Optimization
  
  • Drive optimization of incident response processes using data analytics, metrics and automation opportunities.
  • Ensure response tooling (e.g. incident management platforms, emergency notifications) is current, well-trained on, and continuously improved.
  • Partner with Cyber, Technology, and Ops teams to align response processes and eliminate gaps in cross-domain coordination.
• Regulatory Compliance and Audit Readiness
  
  • Ensure full compliance with FFIEC, DORA, OCC, PRA
  • Lead regulatory and internal/external audit preparation, ensuring crisis + incident management capabilities are evidenced through documentation, logs, post-incident reviews, and impact tolerance testing results.
  • Integrate third-party and cyber risk response coordination into incident response playbooks, ensuring vendor engagement and joint response capabilities are embedded and tested.
  • Conduct formal Root Cause Analysis (RCA) + post-incident reviews, identifying systemic issues and implementing corrective actions.
• Team Leadership and Development
  
  • Lead + mentor a high-performing team of crisis and incident managers, driving a culture of excellence, continuous learning, and cross-functional collaboration.
  • Develop training programs for crisis response teams and executive stakeholders, including annual crisis simulations, tabletop exercises, and cross-jurisdictional response testing
  • Support team growth, succession planning, and skill developments

Education Essential: Bachelor’s degree in Risk Management, Information Technology, Business Continuity, or a related field.

Education Desirable:

• Advanced degree (MBA, MS) is strongly preferred.
• Relevant industry certifications (CBCP, MBCI, CRISC, CISM, ITIL, or Certified Incident Manager) are strongly preferred.

Experience Essential:

• Minimum 10+ years of experience in crisis/incident management, operational resilience, or business continuity.
• Experience leading cross-border incident response and regulatory engagement

Experience Desirable:

• At least 3 years of experience in a senior leadership role within the banking or financial services industry.

Competencies Essential:

• Incident Management: Ability to analyze, prioritize, and manage incidents effectively. Cross-functional command and coordination.
• Strategic Thinking: Ability to align crisis and incident management initiatives with business objectives and regulatory requirements.
• Communication&Documentation: Ensure thorough documentation and clear communications over crisis and incident management activities.
• Leadership&Team Management: Proven track record of building and leading high performing teams. Strong project management skills. Ability to thrive in fast-paced, high-stakes environment.
• Regulatory Compliance: Expertise in navigating banking regulations and audit readiness. Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and OCC.
• Crisis Leadership: Demonstrated ability to lead complex incident response efforts across business, technology, cyber, and third-party domains.
• Operational Discipline: Skilled in developing response processes that are scalable, measurable, and auditable.
• Influence & Communication: Strong ability to engage and influence executive leadership and cross-functional teams under pressure.
• Continuous Improvement: Embeds lessons learned, metrics, and feedback loops into the resilience lifecycle.

Competencies Desirable:

• Recognized as a subject matter expert in the incident management space
• Cybersecurity incident response collaboration

Skills and Knowledge Essential:

• Technical Knowledge: Strong knowledge with incident management technologies such as notification tools, risk intelligence and analysis, etc.
• Incident Management Frameworks: Deep understanding of frameworks such as NIST, FFIEC, DORA, PRA, OCC, etc.
• Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.

Skills and Knowledge Desirable: 

• Automation and AI-based incident response triggers
• Advanced dashboarding and incident trend analysis