Norman D. Hill, CISSP, CISM, CISA, MCP

Richmond, VA 23238 • 804-241-1651•


Senior Information Security Practitioner



Experienced professional with solid history of success as on-staff expert and consultant in financial services, state government agency, health care, banking, and business environments. Military veteran with strong ability to manage projects from concept to completion ensuring on-time, on-budget, and on-target delivery. Extensive background in networks and operations. Demonstrated skills in developing and implementing processes and procedures that enhance business efficiencies and lower risk.


Core Competencies:

·       Full Life Cycle Project Management

·       Contract Negotiations and Oversight

·       Team Building and Leadership

·       Staff Training and Development

·       Information Security Assessments


·       Budget and Capital Expenditure Planning

·       Advanced Technology and Business Solutions

·       Problem Resolution and Troubleshooting

·       Vendor Relations and Management

·       Information Security Risk Remediation

Professional Experience

VCU Health System, Richmond, VA

Data Security Specialist, 2017


Working to reset and modernize VCU Health's Information Security Risk Management program. Performing internal and Third-Party Risk Assessments to ensure compliance with internal and regulatory requirements to protect patient and company data such as HIPPA, HITECH, Sarbanes-Oxley, etc. Review controls and policies to ensure relevant and effective Information Security governance. Instrumenting GRC tools to monitor program effectiveness.


Capital One Financial Corporation, Richmond, VA

Information Security Assessor, 2014-2017

Investigate, create, and oversee detailed information security reviews on Fortune 500 suppliers including Xerox, Bank of New Mellon, First Data, TSYS, Fidelity, Deloitte, and PricewaterhouseCoopers. Focus on topics including access management, business continuity, disaster recovery, data security, data management desktop, server/system security, application security/software development, human resource governance, information security policy/governance, IT operations, network security, password management, physical security, and subcontractor management. Guarantee suppliers comply with contractual and regulatory requirements, utilize industry best practices, and sustain properly-managed secure environments. Periodically reviewing supplier provided SOC Type 2 and 3, PCI ROC and SSAE-16 reports to ensure ongoing compliance with NIST 800-53, ISO 27000/9001, Sarbanes-Oxley and PCI regulatory requirements, frameworks and standards.  Help supplier managers work with suppliers to remediate assessment results.

Key Achievements:

§  Conducted 46 medium-to-large information security assessments in 2016.

§  Negotiated information security protections for acquired loan portfolios including $9B healthcare financial services company portfolio.


Information Security Analysis Manager, 2013-2014

Ensured designated information security protections were written into all service contracts. Collaborated with multiple departments to ensure proper protections were carried out by suppliers.

Key Achievement:

§  Negotiated security protections in contracts with Oracle, Network Solutions, Salesforce, Microsoft, Amazon Web Services, Fidelity, BMO Harris, and additional Fortune 1000 businesses.

Production Support Manager, 2012-2013

Supervised insourcing of data center management services. Ensured that all company policies, procedures, and guidelines were followed and contractual SLAs were maintained during transition. Reviewed and tracked more than 500 documents related to run-the-engine environment to ensure completeness.

Key Achievements:

§  Developed and implemented reporting portal with 700+ in on demand reports saving more than 1,000 man hours per month in data compilation and reporting.

§  Reviewed and tracked 500+ documents for run-the-engine environment to ensure completeness and accuracy as environment was insourced.

§  Led nine-person team (seven associates and two contractors) standardizing and merging backups and storage of 3,700 servers across 23 legacy and acquired data centers.

Senior Manager, Enterprise Storage Operations, 2011-2012

Directed team of nine internal and outsourced/offshore staff handling 5,000+ nightly backups connecting DR partners in multiple data centers. Introduced enterprise policies and procedures to back up and restore data in PCI DSS and federally regulated environment. Led elimination of tape backups by implementing virtual tape library environment with multiple technologies. Obtained and communicated metrics on backup infrastructure performance.

Key Achievement:

§  Directed deployment and conversion of about 3,700 servers from Tivoli Storage Manager to CommVault Simpana remediating company’s top risk.

Consultant/SE Planner II, 2011

Managed IT infrastructure project teams to convey business needs into functional specifications. Supervised matrixed and outsourced team of associates that ensured consistent delivery of infrastructure services in execution of various detailed simultaneous projects.

Key Achievement:

§  Ensured projects met established corporate processes, policies and procedures, and arranged all aspects of Infrastructure hardware procurement.

Virginia Department of Motor Vehicles, Richmond, VA

Deputy IT Security Director, 2009-2011

Secured DMV data environments by enforcing policy, procedures, and standards for internal and external users. Developed and conducted detailed security tests, evaluation strategies, and system project plans to initiate operational and technical security tactics complying with all federal, Commonwealth of Virginia, and PCI DSS policies and standards. Facilitated system and network tests to guarantee compliance with approved security controls and measures. Led agency effort to become PCI DSS certified including leading 15-20 interdisciplinary staff to study and deploy mandated changes. Supervised COV required triennial business impact and risk analysis projects.

Key Achievements:

§  Oversaw team of contractors responsible for agency PCI DSS compliance efforts.

§  Served as acting IT Security Director during Director’s extended absence.

Consultant/Deputy AITR, 2008-2009

Served as primary resource for and furnished relationship management to support activities between agency business units and Virginia Information Technologies Agency's (VITA) IT managed services vendor. Managed policy, procedures, and workflow initiation through completion of VITA's request for services process. Arranged agency personnel tasks focused on VITA's IT Infrastructure Transformation efforts to ensure service level agreements to business units was sustained.

Key Achievement:

§  Furnished technical input and guidance related to infrastructure and technology components of agency projects.

Virginia Information Technologies Agency, Agency Performance Manager, 2006-2008 

Analyzed vendor performance to meet service levels and customer expectations. Helped agencies determine business priorities and identify business-critical technology options. Arranged IT infrastructure service preferences for existing customers. Collaborated with CRM team to translate business requirements into IT needs. Advised technical capabilities of IT infrastructure. Handled issue escalations tied to IT service delivery for agency customers. Served as primary contact for executive branch agencies into service management organization. Appointed to committees creating policies, procedures, and service level agreement for services furnished by managed services vendor. Worked as administrative manager for IT partnership managed staff.

Key Achievement:

§  Served as liaison between multiple geographical disparate state agencies and private industry IT contractors as agency IT personnel and computer resources were integrated into centralized state IT agency.

Additional Professional Experience:

Director of Technology Services for Affiliated Computer Services, Inc., Richmond, VA

Director of Technology Services/Chief Technology Officer for Summit Business Solutions, Glen Allen, VA

Corporate Information Services Manager for PRE Holding Company, Inc., Midlothian, VA

Information Technology Manager for Brown Distributing Company, Richmond, VA

Systems Engineer III for United Network for Organ Sharing, Richmond, VA

Information Systems Consultant/Systems Engineer for Virginia Department of Transportation, Richmond, VA

Network Engineer for Signet Banking Corporation, Glen Allen, VA

Mid Atlantic LAN/Systems Administrator for MCI Telecommunications, Glen Allen, VA

Systems Engineer for Digital Equipment Corporation, Richmond, VA

Aviation Electronics Technician for U.S. Navy, Virginia Beach, VA 

Technical Proficiencies


Windows NT-2016, Redhat RHEL 4.3-7.2  and Ubuntu Linux 12.10-18.04, Cisco IOS,  F5 Appliances, Amazon Web Services, EMC Vmax, Data Domain, Isilon, Clarion, Sun SPARC


VB,C#/ASP.Net Development 7-2017, VBScript/VBA 2000-2016, JavaScript 1.5-1.8, Microsoft T-SQL 7-2016, Teradata 12-15, Oracle SQL*Plus 9-12.1, MySQL 5.x


Windows Server/AD Administration, RedHat Linux Server Administration, OpenLDAP Administration, McAfee ePO Suite, Symantec EPP Suite, Splunk, FireEye, Microsoft SQL 7-2016/Reporting Services 2005-2016


Wireshark, Putty, CuteFTP, NetMon, Nagios, Nessus, Nmap, BurpSuite


Education and Credentials


Bachelor of Science in Communications with Computer Science (Programming) Minor

Lyndon State College, Lyndonville, VT


Certified Information Security Auditor (CISA), 2015, Certification #15124986

Certified Information Security Manager (CISM), 2015, Certification #15821845

Certified Information Systems Security Professional (CISSP), 2011, Certification #394164

Microsoft Certified Professional (MCP), 2002, Certification #2561911

Commonwealth of Virginia, Notary Public, Commission Expires May 2018