Jose María Labernia, CISSP, CISA, GDSA, GCIH, CISM, MBA, PDG

IT Security Head (CISO) Holcim ◆ Risk Management & Crisis Mngt Expert ◆ Internal Control & Compliance Leader ◆ Identity & Access Management ◆ Workplace Services ◆ OT Security ◆ Vulnerability Management & SOC Lead

Madrid, Community of Madrid, Spain

About

I am a seasoned cyber security director with outstanding track record and 20 years of broad experience in IT governance, internal control and risk management fields. I have large capacity for teamwork and always reach high motivation in complex and challenging environments. Ethics and integrity are my core values while posing excellent mix of strategy, management and operational security skills developed in multicultural international environments with multidisciplinary teams, IT solutions and processes, leading to high performance setups, cost savings and an increased resilience culture. I consider myself a continuous learner and have a large expertise in the information security field. My core education is computer sciences but I have also followed and earned several executive and leadership education programs and certifications (PDG, Executive MBA, CISSP, CISM, CISA, GCIH, GDSA, GSEC, ISO27001, ITIL) backed up by many years of practical experience. My transversal core competences include: --------------------------------------------- ▪ Extensive knowledge and a broad skills base ▪ Ability to anticipate ▪ Probing discernment ▪ Capacity to identify cross-cutting strategic issues ▪ Sound ethics and integrity ▪ Balancing details and the big picture ▪ Capacity to delegate maximizing workforce potential ▪ Consensus building and decision-making Also , my skills include: Incident Response ▪ Crisis Management ▪ IaaS, PaaS and SaaS Cloud Security ▪ Security Architecture ▪ Security Strategy ▪ Application Security ▪ Segregation of Duties (SoD) ▪ Security Operations Center (SOC) ▪ Workplace as a Service ▪ Cyber Risk and Regulatory Management ▪ Talent Development ▪ Identity and Access Management (IAM) ▪ Threat and Vulnerability Management ▪ Endpoint Protection (EPP & EDR) ▪ Perimeter Protection ▪ Data Protection (GDPR) ▪ BYOD ▪ Digital Workspace ▪ API Security ▪ CSPM ▪ Project Management ▪ Audit, among others…

Experience

  • Chief Information Security Officer (CISO) at Holcim
    Oct 2025 - Present · 10 mos

  • Tenured Professor in Cybersecurity Master Degree at EIP International Business School
    Sep 2022 - Present · 3 yrs 11 mos

    Full Professor of the course 'Technologies and Processes of Identification, Prevention, Protection, Response, and Recovery".

  • Customer Advisory Board Member at SentinelOne
    Aug 2022 - Present · 4 yrs

    The SentinelOne Customer Advisory Board (CAB) comprises global C-level executives. By bringing together top leaders from the most important industries, CAB members have an open forum to review industry trends and offer guidance and insight to SentinelOne (S1) executives that will ultimately influence the company’s roadmap, priorities and direction. As SentinelOne CAB member I collaborate and strategize on SentinelOne's product and portfolio focus. Activities include: ● Innovation: Be the first to access and provide feedback on S1 features and enhancements. Participation in beta groups. ● Market Insights and strategy: Collaborate with industry peers and discuss industry trends/insights and top cyber security strategies in various organizations. ● Market Presence: Increase sphere of influence through thought leadership, speaking opportunities and event participation.

  • Customer Advisory Board Member at Tenable
    Sep 2018 - Present · 7 yrs 11 mos

    Appointed by Tenable as member of their Customer Advisory Board, to cover the following activities and responsibilities (not an exhaustive list): ● Share insights, changing industry trends, best practices and challenges that are common to the Fortune 2000 market. ● Provide validation of programs and strategies that are essential to achieving Tenable's business goals, and participate in formulating strategy refinement that reflects the changing reality of the marketplace. ● Provide input on potential solution and implementation approaches by Tenable. ● Provide insight into marketing strategies, distribution / channel issues, outsourcing issues and account management strategies. ● Participate in the current and next development life cycle at periodic review points.

  • Head of IT Security and Internal Control, at EMEA IT Services Division at LafargeHolcim IT EMEA
    Jan 2015 - Oct 2025 · 10 yrs 10 mos

    I spearhead information security strategy and operations for Holcim in EMEA, the world-leading manufacturer of building materials (cement, aggregates & concrete), encompassing only in EMEA 30,000+ employees and 52 countries to produce circa 10 B € annually in revenue. Additionally, I provide strategic direction for the implementation of a large-scale transformation program in cyber security covering IT and OT, cloud migration and digital workplace among other several projects. The following are highlights of my contributions to Holcim: ● Implemented and successfully achieved certification for ISO 27001 information security management system for IT Services in EMEA ● Implemented a global vulnerability management program with high levels of automation acting as project manager and including 20,000+ systems encompassing perimeter, critical infrastructure, servers, VIPs and workstations ● Rollout of Identity & Access Management (IAM) technology and processes for circa 20,000 identities across different countries and applications covering the entire accounts’ lifecycle ● Strategy definition, budgetary oversight and overall security management supervision ● Played a key role implementing Holcim's first global SOC in Mumbai covering AV, cloud proxy, SIEM and FW mngt in 24x7 mode ● Rollout or a global EDR solution for Holcim at large (65k systems) and associated MDR service ● WannaCry & NotPetya cyber incident response worldwide coordination and response. Coordination of crisis management readiness by conducting wargames ● Delivered an information security awareness program for 30,000 users in the EMEA zone reaching participation levels of 75%+ ● Secure innovations by collaborating with Holcim's digital team and other relevant stakeholders ● Achieved compliance with GDPR obtaining assurance from a Big4 firm ● Building workplaces in the cloud promoting the future work space by enabling mobility and usability