Joel Norris

Cyber Security Director, CISSP, E|CH, ITILV3, Sec+
Bischofszell

Summary

Accomplished cybersecurity leader with extensive experience as a CISO, DoD ISSM, and Group Regional Security Manager for multinational organizations. Adept at crafting and implementing robust security strategies, leading global teams, and aligning security initiatives with business objectives. Expertise spans risk management, compliance, incident response, SOC operations, training, and operational technology. Recognized for developing proactive security cultures, optimizing resource use, and driving alignment between cybersecurity frameworks and organizational goals.

Overview

  • 27 years of professional experience
  • 4 Certifications
  • 2 Languages

Work History

Group Regional Security Manager (Corporate CISO)

Holcim Group Services
01.2021 - Current
  • Provided strategic guidance to legal teams and global security staff on third-party risk assessments, identifying and mitigating risks in key projects to enhance organizational resilience.
  • Directed security assessment and penetration testing processes to ensure alignment with regulatory standards and industry best practices, strengthening the organization’s overall security posture.
  • Refined penetration testing strategies by coordinating with third-party vendors, aligning testing scopes with organizational objectives and enhancing security defenses.
  • Led IT security workgroup meetings, synchronizing regional security officers with global strategies to foster cohesive and collaborative security initiatives.
  • Leveraged advanced data analytics to identify potential threats proactively, reducing cybersecurity incidents through the integration of diverse data sources.
  • Managed security protocols at Holcim's headquarters, promoting a culture of security awareness among executives and key business leaders through proactive risk management.
  • Established standardized processes for defining security configuration baselines and network zone requirements, enhancing security across global operations.
  • Evaluated and enhanced security standards, identifying improvement opportunities to strengthen the organization's cybersecurity framework.
  • Reinforced cybersecurity for SWIFT, treasury environments, and financial systems, mitigating risks and protecting against cyber threats.
  • Strengthened Operational Technology (OT) security by implementing advanced controls and improving network visibility to mitigate OT system vulnerabilities.
  • Collaborated with IT teams to implement robust cybersecurity protocols, safeguarding critical company data from unauthorized access and cyber threats.
  • Responded to security incidents swiftly and effectively, minimizing operational disruptions and restoring system integrity.
  • Led cross-functional teams in the development and execution of crisis response plans, ensuring organizational preparedness for diverse scenarios.
  • Analyzed intelligence reports to anticipate and address potential threats, enhancing security readiness across the organization.
  • Designed and delivered targeted training programs to improve security competencies among staff, fostering a culture of awareness and resilience.
  • Spearheaded periodic policy and procedure reviews for regional security management, driving continuous improvements in security practices.
  • Acted as the primary liaison for internal stakeholders regarding regional IT security operations, ensuring effective communication and collaboration.
  • Conducted thorough investigations of security breaches, identifying root causes and implementing corrective measures to prevent recurrence.
  • Promoted a positive work environment by fostering open communication, collaborative decision-making, and mutual respect among team members.

Cybersecurity Instructor

Swiss Cyber Institute
12.2020 - Current
  • Delivered expert-led courses at the Swiss Cyber Institute on security audits, ISO 27001 implementation, and detection and prevention, emphasizing practical application and real-world relevance.
  • Tailored teaching methods to accommodate diverse learning styles and professional backgrounds, ensuring an inclusive and impactful educational experience.
  • Designed dynamic and adaptable lesson plans to foster active participation, engagement, and motivation among students.
  • Maintained a commitment to professional growth by staying current on emerging cybersecurity trends and innovative teaching methodologies to enhance course content and delivery.

Lecturer in Cybersecurity and Data Protection

University of St. Gallen
09.2021 - Current
  • Developed and delivered cybersecurity training for the University of St. Gallen’s Master Executive Program, designing courses tailored to address evolving security challenges.
  • Created comprehensive training modules on diverse security topics, equipping participants to effectively handle both current and emerging threats.
  • Conducted specialized training sessions for Data Protection Officers (DPOs) and executives from Swiss organizations, focusing on implementing practical security controls to safeguard critical business assets.
  • Regularly updated course content to reflect the latest industry trends and best practices, ensuring relevance and engagement for participants.
  • Provided strategic advisory to organizations on transitioning from reactive to proactive security approaches, improving their resilience against digital threats.
  • Fostered an interactive learning environment, facilitating discussions and knowledge-sharing to enhance participant engagement and understanding.

IT Security Director

GateGroup
01.2020 - 12.2020
  • Directed IT security oversight across a global organization operating in 60 countries and 200 locations, ensuring the security and resilience of assets, data, and critical systems against emerging threats.
  • Achieved full PCI-DSS compliance by implementing rigorous controls to protect payment card data, maintaining industry certifications and safeguarding sensitive information.
  • Strategically managed a 5 million CHF security budget, optimizing resources to enhance proactive and reactive security measures while balancing ROI with effective risk mitigation.
  • Designed and enforced a comprehensive IT Security Governance framework and global policy standards, aligning security practices with organizational objectives and regulatory requirements.
  • Established the Three Lines of Defense model within IT, clarifying roles and responsibilities to streamline risk management, improve accountability, and promote active security engagement across teams.
  • Delivered organization-wide security training programs, fostering a culture of awareness and equipping employees with the knowledge to adhere to best practices and uphold security protocols.
  • Strengthened operational technology (OT) security, safeguarding critical infrastructure and ensuring the resilience of essential systems supporting global operations.
  • Oversaw a team of security officers and managed scheduling and performance evaluations.

Associate Director of Cyber Defense

SIX Group
11.2017 - 12.2019
  • Authored comprehensive security documentation for international clients, including the European Central Bank, ISSA, FINMA, and Singapore National Bank, ensuring alignment with global standards and regulatory requirements.
  • Designed and launched a Vulnerability Management Program for SIX Group, aligning policies and processes with strategic goals and elevating organizational security standards.
  • Led the implementation of SOC services across SIX Group, ensuring seamless integration with business objectives and improving incident response times and resolution capabilities.
  • Reviewed regulatory changes proactively, assessing operational impacts and developing strategies to ensure compliance while effectively managing risk.
  • Mentored and trained team members, fostering a culture of continuous learning and growth while promoting industry best practices.
  • Conducted detailed compliance reviews and audits on information assets, ensuring regulatory adherence and strengthening the organization’s security posture.
  • Ensured PCI-DSS compliance through meticulous security control configuration, mitigating risks and safeguarding sensitive payment card data.
  • Provided strategic leadership to SOC teams on monitoring, triage, and incident response, optimizing processes to reduce response times and enhance incident management.
  • Strengthened the Computer Emergency Response Team (CERT) by refining playbooks and enhancing incident response protocols, bolstering SIX Group’s cybersecurity resilience.

Enterprise Cyber Security Manager

U.S. Department of Defense, 7th MSC
06.2012 - 07.2017
  • Orchestrated operational meetings with management to ensure seamless release rollouts and solution transitions, safeguarding business continuity.
  • Directed the management of Personally Identifiable Information (PII) by developing and enforcing robust policies and technical controls.
  • Led Identity Access Management (IAM) and Privileged Access Management (PAM) programs to secure critical assets and prevent unauthorized access.
  • Designed and delivered cybersecurity awareness training, impacting over 1,200 staff members with best practices and threat awareness.
  • Implemented NIST SP 800-53 controls to align with Department of Defense mandates and FISMA regulations, strengthening organizational resilience.
  • Conducted semiannual security control inspections across 23 organizations, ensuring adherence to rigorous compliance standards.
  • Facilitated workshops and delivered tailored training to equip teams with essential security knowledge and skills.
  • Oversaw vendor evaluation and management, ensuring alignment with security requirements and organizational objectives.
  • Applied Security Technical Implementation Guides (STIGs) to reduce attack surfaces and enhance system defenses.
  • Directed Zero Trust architecture adoption, achieving compliance with FISMA regulations to fortify the organization’s cybersecurity posture.
  • Developed and implemented Disaster Recovery Plans (DRPs) to ensure rapid response and business continuity during disruptions.
  • Managed cryptographic devices in accordance with NSA standards, safeguarding sensitive information and secure communications.
  • Maintained and led FISMA compliance and accreditation efforts, demonstrating a commitment to rigorous cybersecurity standards.
  • Enhanced overall security by conducting comprehensive risk assessments and implementing tailored security plans.

Senior System Administrator

U.S. Army Reserve
08.1998 - 05.2017
  • Directed Cyber Military Operations to maintain peak performance and ensure the security and integrity of critical military networks.
  • Designed and executed network and system configurations for five major military exercises, enhancing operational readiness and resilience.
  • Installed, configured, and maintained servers, switches, and routers to ensure seamless network operations during high-stakes military exercises and operations.
  • Managed Active Directory Organizational Units and implemented Group Policies to optimize user access control and enhance security management.
  • Administered encryption devices and enforced strict key handling protocols in compliance with NSA Public Key Infrastructure (PKI) standards, safeguarding sensitive military communications.
  • Delivered comprehensive training on secure communications protocols, equipping teams with critical skills and best practices for data protection in high-pressure environments.
  • Oversaw network connectivity and device management for U.S. and NATO military operations, ensuring uninterrupted communication and mission success.

Service Desk Manager

Chimera Enterprise International
10.2011 - 07.2012
  • Delivered critical IT support to the NATO Criminal Lab and Intelligence Cell at Bagram Air Base, Afghanistan, ensuring reliable operations in a high-stakes military environment.
  • Led a complete network infrastructure upgrade, enhancing efficiency and aligning systems with mission-critical goals to meet operational requirements effectively.
  • Managed five key networks, including Unclassified, Classified, NATO Classified, FBI Net, and USCIL Net, supporting intelligence operations and secure data management across 750 IT systems.
  • Provided rapid response to IT issues, minimizing downtime and ensuring seamless operations in support of mission-critical activities.
  • Maintained continuous IT service delivery by sustaining a demanding 70-hour workweek, supporting 24/7 military operations and con
  • Created a positive work environment through transparent communication, employee engagement initiatives, and an accessible leadership style.

Data Manager

Raytheon Technical Services
10.2001 - 06.2005
  • Monitored billing cycles within SAP to ensure accurate and timely completion, maintaining financial integrity and adherence to organizational standards.
  • Directed the creation and management of Charge Numbers for Raytheon Field Contractors, ensuring accurate expense allocation to appropriate business units within Raytheon Global Services.
  • Implemented Lean Six Sigma methodology to streamline departmental processes, achieving significant efficiency gains and cost savings.
  • Delivered comprehensive training to team members on best practices for data handling, improving productivity and ensuring data integrity across operations.
  • Collaborated with cross-functional teams to define SAP data requirements and facilitate seamless integration for optimized billing processes and accuracy.
  • Streamlined data management workflows for increased efficiency and reduced processing time.
  • Enhanced data accuracy by implementing robust data validation and quality control processes.

Education

Bachelor of Science - Information Systems Management

University of Maryland
Maryland, USA

Skills

Strategic Security Development

Governance

ISO 27001

NIST

GDPR

SOX

Incident Response

Vulnerability Management

Threat Intelligence

Cybersecurity Training

Identity and Access Management (IAM)

Certification

CISSP

Accomplishments

I was selected to participate in the United Nations' AI for Developing Nations discussions in Geneva and Vienna, contributing to global initiatives aimed at leveraging AI for knowledge sharing and development in over 50 represented countries. Engaged in strategic dialogue on using AI to bridge educational and informational gaps, fostering cross-border collaboration and growth. Advocated for the security of generative AI platforms, emphasizing the importance of safeguarding these technologies against misuse while ensuring equitable access and benefits for all nations. Collaborated with international delegates to shape a vision for a globally inclusive and secure AI landscape.

Affiliations

  • Information Security Network
  • Cyber Security Forum Initiative
  • ISC2
  • Cloud Security Forum

Additional Information

Citizenship and Residency

  • Dual Citizenship: United States and United Kingdom
  • Swiss Residency: C Permit holder
