Head of Enterprise Incident Management
Atlanta GA - 303 Peachtree Center Avenue - Garden Offices, United States
Truist
Your journey to better banking starts with Truist. Checking and savings accounts, credit cards, mortgages, small business, commercial banking, and more.
The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
Regular
Language Fluency: English (Required)
Work Shift:
1st shift (United States of America)
Please review the following job description:
The Head of Enterprise Incident Management will lead a team responsible for the development, execution, and continual improvement of the enterprise-wide crisis management and incident response programs, inclusive of tech and non-tech incidents. The chosen candidate will manage the central coordination of incidents that require oversight and command and control, ensuring appropriate response and remediation efforts are taken swiftly. As the Head of Enterprise Incident Management, responsibilities include ensuring the organization is prepared to effectively respond to and recover from critical incidents, mitigating potential risks, and protecting the reputation, assets, and operations of Truist. During enterprise incidents, this leader will serve as the internal spokesperson for crisis-related issues, ensuring accurate, fact-based, and timely updates to internal stakeholders, including the Operating Council. This role will require strategic leadership, exceptional crisis management skills, and a deep understanding of financial services risk management and regulatory requirements.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Enterprise Response Leadership:
a. Own the enterprise framework for managing enterprise-level incidents across all categories (technology, cyber, physical, operational, political, etc.).
b. Lead a structured escalation and decision-making process with defined authority thresholds.
c. Lead and drive the incident management process, organization, and teams, ensuring alignment with organizational objectives, regulatory requirements and industry best practices.
d. Act as an Enterprise Incident Management advocate with business units ensuring business buy-in and facilitating integration of second line policies, standards, and minimum requirements.
e. Provide ongoing subject matter expertise on all Enterprise Incident Management regulatory requirements, defining threats and risk scenarios, and recommend changes or program enhancements required to address such requirements and threats.
f. Understand and apply internal policies/procedures, laws, and regulations, and manage to regulatory requirements including but not limited to: FFIEC, OCC, FINRA, and Federal Reserve.
2. Team Leadership & Talent Strategy:
a. Build and lead a high-performing Enterprise Incident Management team, including seasoned Incident Commanders. Define roles, responsibilities, and coverage to ensure 24/7 response readiness.
b. Train, advise, and partner with other teams to identify, prepare for, and manage critical incidents and crises, and to capture lessons learned from them, through robust standards and processes.
c. Drive the socialization, adoption, consistent and appropriate implementation, and ongoing maintenance of the Enterprise Incident Management policies, standards, methods, etc. across the bank.
3. Command & Control Execution:
a. Establish strong command and control of an incident, establishing clear accountability/ownership and methodical evaluation of complex issue scenarios.
b. Direct incident triage, assessment, and response coordination with clear ownership and accountability. Activate enterprise-level response plans and ensure accurate situation reporting to the C-suite and Board when required.
c. Oversee the creation and management of crisis response teams, ensuring effective coordination during incidents.
d. Act as a central point of contact for all enterprise-wide incidents.
e. Manage the escalation, assessment, and resolution of incidents, ensuring the appropriate stakeholders are involved at each stage of the incident lifecycle.
f. Oversee incident recovery efforts, ensuring business continuity and the swift resumption of critical operations.
g. Serve as internal spokesperson for crisis-related issues when required, ensuring accurate and timely updates to internal stakeholders and senior leaders, including the Operating Council.
4. Cross-Functional Integration:
a. Serve as the central coordination point for Technology, Cybersecurity, Corporate Communications, Legal, Physical Security, Privacy, Compliance, Fraud, Financial Crimes, Facilities, and Third-Party Management, and the Business during high-impact events.
b. Continuously enhance incident management standards, procedures, and response frameworks.
c. Foster strong relationships with lines of business, operations, legal, risk, compliance, etc. to ensure a coordinated and effective response to incidents.
d. Work with stakeholders and internal business units to establish, provide, and agree on clear goals, objectives, and performance delivery outcomes as well as timelines for Enterprise Incident Management.
5. Program Development & Maturity:
a. Design and implement a scalable incident management operating model, aligned with the enterprise resilience strategy. Develop incident classification models, escalation triggers, and response playbooks to drive repeatable excellence under pressure.
b. Build and execute incident management training programs for employees at all levels, including senior management, incident response teams, and key operational groups.
c. Participate, and at times facilitate, crisis simulation exercises to test response protocols and identify gaps in current processes.
d. Maintain an appropriate Risk Profile by proactively identifying risks and implementing the necessary mitigations where warranted. Partner effectively with the 2nd line of defense, Audit, and regulators to ensure Risk is identified and mitigated.
e. Stay up to date with emerging trends, regulations, and best practices related to enterprise risk and incident management.
f. Ensure compliance with relevant regulatory requirements related to crisis management and incident response in the financial services industry.
6. Collaboration with Continuity Management:
a. Partner with the Head of Continuity Management to ensure seamless alignment across incident response, business continuity, and disaster recovery efforts. Jointly oversee readiness exercises and simulation programs.
7. Metrics & Post-Incident Review:
a. Establish enterprise-level KPIs for incident response.
b. Lead after-action reviews to extract insights and embed continuous improvement into the program.
c. Work closely with senior executives to provide regulator updates on incident management activities, lessons learned, and recommendations for continuous improvement.
d. Coordinate the return of structures, systems, and personnel to functional states equal to or better than pre-crisis conditions.
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree or equivalent work experience
2. 15+ years of progressive leadership experience in crisis or incident management, enterprise risk, operations, technology, or resilience
3. Expertise in DR/BC frameworks including ISO 22301, National Institute of Standards and Technology (NIST), or Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook), and Financial Services regulatory standards required.
4. Proven ability to lead under pressure with executive presence and sound judgment
5. Deep experience navigating matrixed organizations and aligning stakeholders with competing priorities
6. Skilled in developing and implementing enterprise-wide frameworks, processes, and governance structures
7. Familiarity with regulatory expectations and industry standards for operational and technology resilience
8. Exceptional communicator, capable of briefing executive leadership, boards, and cross-functional partners with clarity and impact
9. Experience in crisis management, business continuity, resiliency, operational resiliency
10. Experience leading an enterprise incident management program, particularly for a large financial services or multinational firm
11. Excellent written and verbal communication skills with ability to express complex concepts and processes in a straightforward manner
12. Excellent leadership and influence skills
13. Adept with Microsoft Office products
Preferred Qualifications:
1. Advanced degree strongly preferred (e.g. Master of Business Administration, Risk Management, or relevant master’s degree)
2. 20+ years in senior leadership positions across lines of business, functions, and/or technology in financial services industry
3. Experience developing and enhancing documentation and communications reports using a wide array of information sources and publishing to different audiences, including senior management, corporate risk groups and regulators
4. Adaptable to rapid large-scale changes in business processes and organizational structure
5. Comfortable working in a complex matrix environment with simultaneous responsibility to business line management and department, group and corporate level risk teams
6. Experience presenting to Regulators including but not limited to the Federal Reserve Board (FRB), Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC)
7. Industry Certifications including Certified Business Continuity Professional (CBCP), Master Business Continuity Professional (MBCP), Certified Information Systems Security Professional (CISSP), or similar certifications are preferred.
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.