Job Description

General information

Entity

About Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)

Crédit Agricole CIB is the corporate and investment bank of the Crédit Agricole group, the 10th largest banking group in the world *.

We support major companies and financial institutions in their development and the financing of their projects.

As pioneers in responsible finance, social and environmental commitments are at the heart of our activities.

Joining our teams means working in a multicultural environment, both dynamic and stimulating, where you will contribute to developing a sustainable economy.

We support employees throughout their journey: you will develop your skills and access various mobility opportunities among the diversity of our businesses in more than 30 international locations.

Our culture is built on collaboration, innovation and openness, where everyone is valued and empowered.

By working every day in the interest of society, Crédit Agricole CIB aligns with the Group values committed to diversity and inclusion and placing people at the heart of all its transformations.

All our jobs are open to people with disabilities. We welcome applications from candidates of all backgrounds and experiences.

Ready to take part in our mission ?

*By balance sheet size - The Banker, Juillet 2025

Reference

2026-112017

Update date

27/04/2026

Business type

Types of Jobs - IT, Digital et Data

Job title

Head of Operational Resilience Management

Contract type

Permanent Contract

Job summary

The Head of Operational Resilience Management will be responsible for developing, implementing, and overseeing the bank’s strategy to ensure resilience against operational disruptions, cyber threats, and systemic risks. This role will lead enterprise-wide resiliency initiatives, ensuring alignment with regulatory expectations, industry best practices, and emerging threats. The ideal candidate will collaborate closely with technology, risk management, compliance, and business leadership to enhance operational integrity and incident response capabilities. This is a high-impact role requiring deep expertise in cybersecurity, operational risk management, and business continuity planning in a highly regulated financial environment.

Salary Range: $200k-$250k

Key Responsibilities

1. Enterprise Resilience Strategy Development
· Develop and implement a comprehensive operational and cyber resiliency strategy aligned with regulatory requirements and industry standards.
· Define resilience objectives, key risk indicators (KRIs), key performance indicators (KPIs), key control indicators (KCIs) and other relevant metrics to measure the effectiveness of resiliency programs.
· Collaborate with senior leadership to embed resilience principles into business and technology processes.
· Stay ahead of emerging risks, regulatory changes, and threat landscapes to refine and enhance resilience strategies.
2. Incident Management and Cyber Resilience
· Oversee the development and execution of the bank’s incident management framework, ensuring rapid response and recovery from information security and technology incidents.
· Lead and design tabletop exercises and simulations to test cyber incident response and business recovery capabilities.
· Coordinate with internal and external stakeholders (e.g., regulators, law enforcement, third-party service providers) during cyber events.
· Ensure integration of cyber resilience into broader enterprise risk management and IT security functions.
3. Business Continuity and Disaster Recovery (BC/DR)
· Develop and maintain enterprise-wide business continuity and disaster recovery plans, ensuring readiness to sustain critical business operations during disruptions.
· Conduct regular BC/DR testing, audits, and training sessions to validate effectiveness and improve preparedness.
· Work closely with technology teams to ensure recovery time objectives (RTOs) and recovery point objectives (RPOs) are met for critical systems.
· Establish and maintain alternative operational processes to mitigate disruptions during system failures or cyber events.

#LI-DNI

Supplementary Information

Key Responsibilities (Cont)

4. Regulatory Compliance and Governance
· Ensure compliance with all relevant regulatory frameworks (e.g., FFIEC, OCC, Basel, DORA) related to operational and cyber resiliency.
· Serve as a key liaison with regulatory bodies and auditors, preparing reports and responses to inquiries regarding resilience programs.
· Develop governance frameworks, policies, and procedures to enforce resilience-related mandates across the organization.
· Foster a culture of compliance and resilience awareness throughout the bank.
5. Third-Party and Supply Chain Resilience
· Assess and mitigate risks associated with third-party vendors, ensuring they meet the bank’s operational and cyber resilience standards.
· Establish rigorous due diligence processes for critical suppliers, including resilience testing and contractually mandated recovery capabilities.
· Develop contingency strategies for vendor-related disruptions and ensure robust exit strategies for key service providers.
· Collaborate with procurement and risk management teams to integrate resilience considerations into vendor selection and onboarding processes.
6. Threat Intelligence and Risk Monitoring
· Develop and oversee an operational risk and threat intelligence program to proactively identify vulnerabilities and emerging threats.

Position location

Geographical area

America, United States Of America

City

NEW YORK

Candidate criteria

Minimal education level

Bachelor Degree / BSc Degree or equivalent

Academic qualification / Speciality

Education Essential: Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.

Education Desirable:

• Advanced degree (MBA, MS) is strongly preferred.

• Relevant industry certifications (CISSP, CISM, GIAC) are strongly preferred.

Level of minimal experience

11 years and more

Experience

Experience Essential:

• Minimum 10+ years of experience in information security or related field.

Experience Desirable:

• At least 3 years of experience in a senior leadership role within the banking or financial services industry.

Required skills

Competencies Essential:

• Incident Management: Ability to analyze, prioritize, and manage security incidents effectively.
• Strategic Thinking: Ability to align cyber risk initiatives with business objectives
• Communication and Documentation: Strong ensure thorough documentation and clear communications over security operations activities.
• Leadership and Team Management: Proven track record of building and leading high performing teams
• Regulatory Compliance: Expertise in navigating banking regulations

Competencies Desirable:

• Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space

Technical skills required

Key Responsibilities (Cont)

6. Threat Intelligence and Risk Monitoring
· Develop and oversee an operational risk and threat intelligence program to proactively identify vulnerabilities and emerging threats.
· Partner with cybersecurity, fraud prevention, and risk management teams to integrate threat intelligence into resilience planning.
· Monitor key operational risk indicators and trends, ensuring timely action to mitigate potential disruptions.
· Implement continuous improvement processes based on lessons learned from incidents, audits, and threat assessments.
7. Leadership and Stakeholder Engagement
· Lead a cross-functional resiliency team, fostering collaboration between IT, risk management, compliance, and business units.
· Provide executive leadership with regular briefings on resilience posture, key risks, and strategic initiatives.
· Advocate for resilience investments, ensuring adequate funding and resource allocation for critical initiatives.

Skills & Knowledge Requirements:

• Technical Knowledge: Strong knowledge with information security technologies such as vulnerability scanning tools, and threat intelligence tools, etc.
  Investigations: Strong knowledge with leading security investigations.
  Cybersecurity Frameworks: Deep understanding of frameworks such as NIST Cybersecurity Framework
  Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.

Languages

Proficiency in English (both written and verbal)