Crisis Response Director

As a senior leader in the Enterprise Security organization, this individual will need to be exceptional strategic thinker, a strong decision maker with the ability to positively influence and someone that has exemplary leadership skills. As a member of the leadership team, this individual will strategically develop and manage the Bank’s Corporate Crisis Management program to effectively respond to and recover from a business disruption event. This individual will keep the Bank effectively functioning after disruptive events such as natural disasters, terrorism and pandemic outbreaks and will serve as a subject matter expert regarding incident management tools, resources and industry practices as well as incident impact assessment and notification protocols. Additionally, this individual will develop training and continual process improvement initiatives across the Crisis Response program.

Primary Responsibilities:

• Utilize situational awareness tools and analyze impacting threats to activate appropriate level of response, determine appropriate escalation including activating the Computer Emergency Response Team (CERT) or Executive Management team, either scaled or fully engaged.
• Activate the Incident Action Plan in response to business disruptions including those related to technology disaster recovery, security or weather; provide leadership and subject matter expertise during response to regional and global crisis events.
• Determine need for convening and/or activating the Emergency Operations Center (EOC) and Regional Incident Command Center (RICC) response teams during a business disruption based on severity levels or other escalation triggers. Facilitate and/or interact with response teams on critical information updates.
• Coordinate and manage work with Third Party Risk Management (TPRM) recoverability needs associated with business partners and critical vendors particularly at time of event.
• Serve as communication, management and coordination point of contact for all Crisis teams as well as the Executive Management team.
• Implement strategic communication strategy that properly position the Bank during a crisis or incident that may have a reputational impact.
• Ensure adherence regarding post incident review and assessment processes. Own, track and report on post-incident documentation including process improvement initiatives. Present findings to senior management and operational risk.
• Assess regional and/or global events or potential incidents which may require engagement of the Bank’s crisis management program on a regular and proactive basis. Track and report regional crisis management metrics, issue and change management actions.
• Provide oversight regarding Crisis Management Risk Control Self-Assessment (RCSA) requirements. Participate in industry and regulatory exercises (DRPC Cyber etc.).
• Conduct executive-level training and exercises to ensure Crisis Management roles and functions are clear.
• Identify knowledge gaps, develop and deliver awareness and training content appropriate for varying audience types.
• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

The job holder is engaged in activities that support the Corporate Operational Risk framework, Internal Audit, Operational Risk, regulatory reviews, incident response and managing resources.

Education and Experience Required:

Minimum of 11 years’ combined higher education and/or related work experience

Minimum of 3 years’ proven supervisory or leadership experience with strong strategic, critical thinking and problem solving skills

Previous emergency response experience

Previous leadership and supervisory experience

Certified Business Continuity Professional (CBCP), Certificate of Business Continuity (CBCI), Master Business Continuity Planner (MBCP) or domain-related industry-recognized certification

Exceptional verbal and written communication skills, with experience effectively communicating business and Technology risks and their impacts on business productivity, profitability, reputation and brand effectively with a broad range of personnel at all levels and in all areas, as well as their impacts to business partners, service providers and other external stakeholders

Proven strategic leadership and relationship management capabilities, including experience with multiple internal stakeholders, particularly senior and line-of-business management, as well as external parties such as law enforcement, regulators, customers, business partners and third-party service providers

Experience leading and managing multidisciplinary workgroups and teams as well as self-directed professionals to meet goals across multiple projects

#LI-KB1

Location Buffalo, New York, United States of America