Enterprise Crisis Management Owner

About The Position

Requirements

• Proven experience (10+ years) in incident response or crisis management.
• Demonstrated experience building programs or capabilities from the ground up, not just operating established processes.
• Demonstrated ability to create consistency and confidence amid ambiguity.
• Experience working across multiple business functions and influencing without authority.
• Strong leadership, communication, and stakeholder management skills.
• Ability to translate business operations into risk, impact, and response strategies.
• Experience coordinating geographically distributed teams.
• Knowledge of incident response frameworks and best practices, such as NIST SP 800-61, ISO 27035, Incident Command System (ICS), SANS incident handling process, and Business Continuity standards.
• Familiarity with MITRE ATT&CK framework is a must.
• Experience with security incident and event management (SIEM) tools, intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) solutions and forensic analysis tools - an understanding of the tools available to contain and mitigate an incident.
• Experience with all-hazard crisis management or enterprise resilience programs.
• Background spanning multiple domains (e.g., cyber, physical security, supply chain, operations).
• Experience leading enterprise-wide exercises or simulations.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
• CISSP, CISM, CEH, GIACs or similar certifications.

Nice To Haves

• Master's degree preferred.

Responsibilities

• Design and implement an enterprise crisis management framework spanning multiple hazard types (cyber, physical, supply chain, etc.).
• Define escalation models from business-unit incidents to enterprise-level crises.
• Establish crisis governance, decision-making structures, and operating rhythms.
• Develop playbooks, communication models, and response frameworks, and train others to operate them consistently.
• Drive program maturity through exercises, metrics, and continuous improvement.
• Recruit, mentor, and develop highly adaptable and skilled incident responders across various subject matter specialties.
• Develop and maintain relationships with relevant law enforcement agencies, government agencies, and industry partners to facilitate information sharing and collaboration on threats and incidents.
• Establish and maintain appropriate measurements to demonstrate both capability strength as well as operational status.
• Build strong working relationships across business units (e.g., HR, Legal, Supply Chain, IT, Facilities).
• Understand business unit priorities, dependencies, and failure modes.
• Define and align “pre-crisis” incident handling within each function.
• Ensure consistent escalation and coordination with enterprise crisis management.
• Establish consistent approaches to incident identification, classification, and escalation across domains.
• Define how incidents transition from localized response to enterprise crisis management.
• Lead tabletop exercises and scenario-based testing across business units.
• Drive preparedness activities that reduce ambiguity during real events.
• Advise business units and technology owners on tools and integrations that will support crisis responses.
• Serve as Crisis Manager / Incident Commander during high-severity events.
• Coordinate cross-functional response and decision-making under pressure.
• Supplement domain-focused incident handlers in seeing the corporate Big Picture.
• Lead structured communication with senior leadership and stakeholders.
• Convey confident leadership to both impacted individuals and leadership stakeholders.
• Guide recovery and transition back to steady-state operations.
• Lead post-incident reviews and root cause analysis.
• Track and drive corrective actions across accountable teams.
• Incorporate lessons learned into program enhancements.
• Maintain awareness of evolving risks, predictable risk cycles, attacker techniques and trends, and integrate into preparedness efforts.
• Establish a structure and rhythm such that continuous learning compounds over time.

Benefits

• Employee stock purchase plan with a 2-year look back
• Family support programs
• Robust mental health resources
• Recognition and service awards