Joel Norris
Bischofszell
Summary
As a highly experienced Group Regional Security Manager, I have a proven track record of developing and implementing effective security strategies for multinational organizations. With extensive knowledge in risk management, compliance, incident response, SOC services, operational technology, and artificial intelligence within business environments. I have successfully led teams across multiple regions to ensure the protection of critical business assets and information. With a customer-focused approach, I work collaboratively with stakeholders at all levels to identify security gaps and develop customized solutions that align with organizational security goals and best business practices.
Overview
26
26
years of professional experience
1
1
Certification
Work History
Group Regional Security Manager (Corporate CISO)
Holcim Group Services
01.2021 - Current
- Provided leadership to legal teams and global security staff in managing third-party assessments and projects aimed at identifying service delivery risks.
- Directed the security assessment and penetration testing processes, ensuring compliance with best business practices and regulatory requirements.
- Oversaw the responsible team to improve organizational security maturity and manage the lifecycle of security measures.
- Led IT Security workgroup meetings to ensure alignment of regional security officers with global security strategies.
- Managed security best practices for Holcim's headquarters and promoting the security culture to executive staff and key business leaders through risk identification and mitigation.
- Designed efficient processes for creating security configuration baselines and establishing security requirements and secure network zones for critical global systems.
- Developed and managed a roadmap for a global policy landscape and security control requirements.
- Enhanced the security of the SWIFT and treasury environment and financial systems.
- Managed Operational Technology (OT) security posture through increased security control implementation and network visibility.
- Implemented cybersecurity protocols in collaboration with IT teams, safeguarding company data from unauthorized access or cyberattacks.
- Responded swiftly to security incidents and effectively resolved security issues.
- Led cross-functional teams to develop and implement emergency response plans for various crisis scenarios.
- Analyzed intelligence reports to proactively identify potential threats and mitigate risks before they materialized.
- Developed customized training programs, improving overall staff competence in security operations.
- Fostered a culture of continuous improvement within the organization by regularly reviewing policies, procedures, and best practices for regional security management.
- Served as a primary point of contact for all internal stakeholders regarding matters related to regional IT security operations.
- Conducted thorough investigations into security breaches, identifying root causes and implementing corrective measures.
Lecturer Data Protection Officer & Cyber Security
University of Sankt Gallen Executive Management Program
09.2021 - Current
- Created and presented courses covering various security-related topics.
- Led courses for Data Protection Officers (DPOs) and Executives from multiple Swiss organizations security control implementation to protect critical businesses assets.
- Maintained instructional quality and effectiveness through constant and timely revisions of programs and course syllabi within the assigned content areas.
- Delivered guidance of cyber security measures that ensure the transformation from a reactive to a proactive digital posture.
- Conducted engaging in-class discussions to facilitate learning and encourage participation.
Cyber Security Instructor
Swiss Cyber Institute
12.2020 - Current
- Conducted training sessions for IT leaders and students on the most up-to-date cybersecurity best practices
- Created coursework on the following topics in ICT: Vulnerability Management, System Design, Project Management, Third-party Risk Management, Continuous Cyber Security Audits and Assessments, ISO27001 Implementation and Control Management, and Detection and Prevention
- Conducted assigned classes of instruction in the best manner to achieve student learning; presented information, ideas, and skills in ways that are appropriate to a variety of learning styles and which show sensitivity to a diverse student population.
- Increased student motivation by developing engaging lesson plans that catered to various learning styles.
- Participated in professional development opportunities to stay current on educational trends and enhance teaching effectiveness.
IT Security Director
GateGroup
01.2020 - 12.2020
- Developed a road map to enhance the security posture and maturity of the organization.
- Oversaw IT Security for the global organization, which spans 60 countries and 200 locations.
- Managed and ensured compliance to PCI-DSS regulatory requirements.
- Controlled the security budget of 5 million CHF and determined appropriate security controls to enhance proactive and reactive measures.
- Developed and implemented IT Security Governance and a useful policy framework for the organization globally.
- Designed and implemented the Three Lines of Defense within IT to help with Risk Management, roles and responsibilities.
- Managed and conducted effective training for organization's staff members.
- Ensured Security measures were enhanced to protect the operational technology environment in support of GateGourmet`s daily work processes.
Associate Director of Cyber Defense
SIX Group
11.2017 - 12.2019
- Created a comprehensive Vulnerability Management Program that includes policies, processes, and scope, reflecting the organization's ambition level and strategic goal.
- Played a crucial role in a project aimed at ensuring proper implementation of SOC services within the SIX Group enterprise.
- Authored documentation on security controls and their implementation for three international organizations, including the European Central Bank, Information Systems Security Association, and Asian Banking Association.
- Ensured that security controls were correctly configured to comply with PCI-DSS requirements.
- Directed SOC Teams on how to conduct Monitoring, Triage, and Incident Response Operations.
- Enhanced the Computer Emergency Response Team (CERT) and the playbooks to increase the effectiveness of the Cyber Security Incident Response capabilities.
- Reviewed proposed regulatory changes and evaluated potential impacts on business operations.
- Trained and mentored new employees on industry practices and business operations.
- Conducted security gap analysis to identify risk within the enclave of SIX Group and delivered mitigation requirements.
Cyber Security Program Manager
U.S. Department of Defense
06.2012 - 07.2017
- Conducted meetings with operational managers to ensure smooth release roll-out and solution transition, ensuring preparedness and continuity.
- Managed Personal Identifiable Information (PII) through policies and technical controls.
- Managed Identity Access Management (IAM) and Privileged Access Management (PAM).
- Created threat awareness presentations and delivered Cyber Security best practices training to over 1200 staff members.
- Conducted security control implementation inspections semiannually for 23 organizations.
- Facilitated workshops and conducted one-on-one training to educate team members.
- Participated in vendor selection and management process for program initiatives.
- Implemented Security Technical Implementation Guides (STIGs) to reduce the attack surface
- Ensured compliance with the Federal Information Security Management Act of 2002 (Zero Trust implementation)
- Developed and implemented Disaster Recovery Plans (DRPs)
- Managed Cryptographic Devices according to the NSA standards
- Ensured and led the military organization’s Federal Information Security Management Act (FISMA) compliance and accreditation
Senior System Administrator
U.S. Army Reserve
08.1998 - 05.2017
- Oversaw Cyber Military Operations to ensure optimal performance and security.
- Developed and implemented network and system configurations for 5 military exercises.
- Installed servers, switches, and routers to ensure smooth network operations for major military operations.
- Managed Organizational Units in Active Directory and Group Policies.
- Administered encryption devices and ensured proper key handling, following NSA - Public Key Infrastructure standards.
- Trained teams on developing and implementing secure communications, emphasizing best practices for data protection.
- Managed network connectivity and devices for US and NATO military operations.
- Diagnosed and executed resolution for network and server issues.
- Performed network security design and integration duties.
Service Desk Manager
Chimera Enterprise International
10.2011 - 07.2012
- Delivered IT support to the NATO Criminal Lab and Intelligence Cell in Bagram Air Base, Afghanistan.
- Revamped the network infrastructure to optimize efficiency and align with strategic objectives.
- Oversaw and maintained five networks, including Unclassified, Classified, NATO Classified, F.B.I Net, and USCIL Net, with 750 nodes used in intelligence gathering and classified data management.
- Addressed user requirements and promptly resolved IT issues to minimize downtime in a critical environment where downtime could result in loss of life.
- Maintained a 70-hour workweek to provide continuous IT services for 24-hour military operations.
Liaison Monitoring Team -Kosovo NATO Forces
U.S. Army Deployment
12.2008 - 12.2009
- Created comprehensive Military Intelligence reports and presentations for senior officers, European Armed Forces Commanders and various State Department VIPs.
- Fostered a culture of teamwork, leadership, safety, and ensured the quality of intelligence reporting.
- Maintained positive working relationships with fellow soldiers, as well as Senior Military Officers.
- Oversaw Security of the the Camp Bondsteel's physical security during an exercise.
- Streamlined information flow for increased efficiency by implementing a centralized intelligence gathering criteria for our team.
- Liaised between Kosovo's Local Government Agencies and Military Operational Partners to promote efficient communication and collaboration.
Data Manager
Raytheon Technical Services
10.2001 - 06.2005
- Oversaw billing cycles to ensure timely completion within SAP.
- Managed the Creation of Charge Numbers for Raytheon Field Contractors to ensure their time on projects was charged to the right business unit within Raytheon Global Services.
- Implemented Lean Six Sigma methodology to streamline departmental processes.
- Trained team members in best practices for data handling, improving overall productivity and data integrity.
- Collaborated with cross-functional teams to identify SAP data requirements and ensure proper integration within the system for billing purposes.
Education
Bachelor of Science: Information System Management -
University of Maryland, USA
05.2017
Skills
- System Architecture Design
- Configuration Management
- Hardware Installation
- Vulnerability Evaluation
- ISO 27001 and 27002
- NIST SP 80053 rev4
- ISA/IEC 62443
- Operational Technology Controls (OT Security)
- Network Security Tools (Firewalls, Intrusion Detection and Prevention Solutions, Proxies)
- Technical and Policy Writing
- SOC Reports
- Risk Management
- Business Continuity Planning
- Project Management
- IT Governance
- Domain Security Management
- Qualys, Tenable Security Center, Retina Vulnerability Scanners
- Security Information and Event Manager (SIEM) (QRadar, Splunk, AlienVault)
- Managed system hardening requirements (SCBs)
- Analyzing system level alerts
- Operating Systems - MS, Linux, MAC iOS
- Oracle SQL DB Design
- Active Directory and LDAP Services
- Endpoint Detection and Response Tools (EDR, XDR and End Point Protection)
- Research and analysis
Certification
- CISSP
- ITIL v3
- C|EH
- Security +
Languages
English
English
German
Linkedin Profile
https://www.linkedin.com/in/joel-norris-97537834/
Associations
- (ISC)2 Switzerland
- ISSS
- AFCEA
- AOC
- Swiss Chinese Law Association (SCLA)
Special Assignments
United Nations distinguished guest addressing concerns with Artificial Intelligence in the legal aspects within the legal profession
Professional Courses
- Project Management Professional
- Certified Cisco Network Associate
- CompTIA Security Practitioner
- Microsoft Enterprise Desktop Support Technician
- Certified Ethical Hacker
- Certified Authorization Professional (RMF/eMass)
- OU Administration
Timeline
Lecturer Data Protection Officer & Cyber Security
University of Sankt Gallen Executive Management Program
09.2021 - Current
Group Regional Security Manager (Corporate CISO)
Holcim Group Services
01.2021 - Current
Cyber Security Instructor
Swiss Cyber Institute
12.2020 - Current
IT Security Director
GateGroup
01.2020 - 12.2020
Associate Director of Cyber Defense
SIX Group
11.2017 - 12.2019
Cyber Security Program Manager
U.S. Department of Defense
06.2012 - 07.2017
Service Desk Manager
Chimera Enterprise International
10.2011 - 07.2012
Liaison Monitoring Team -Kosovo NATO Forces
U.S. Army Deployment
12.2008 - 12.2009
Data Manager
Raytheon Technical Services
10.2001 - 06.2005
Senior System Administrator
U.S. Army Reserve
08.1998 - 05.2017
Bachelor of Science: Information System Management -
University of Maryland, USA
Similar Profiles
Joel NorrisJoel Norris
Group Regional Security Manager (Corporate CISO) at Holcim Group ServicesGroup Regional Security Manager (Corporate CISO) at Holcim Group Services
VICTOR MUGOVICTOR MUGO
Territory Retail Sales Manager at Bamburi Cement Plc, Holcim GroupTerritory Retail Sales Manager at Bamburi Cement Plc, Holcim Group
MUKUL NIRWANMUKUL NIRWAN
Sr. Manager at ACC Ltd (A Holcim Group Co.)Sr. Manager at ACC Ltd (A Holcim Group Co.)
Billy WilliamsBilly Williams
IT Solutions Architect at Fiserv Inc.IT Solutions Architect at Fiserv Inc.
Abhilash AravindAbhilash Aravind
Senior Solution Designer at SingtelSenior Solution Designer at Singtel