Security Analyst

Company Description

Valeo Foods Group is one of Europe’s leading producers and distributors of ambient consumer foods, with a wide European operational footprint, and presence in North America. Valeo has successfully expanded through acquisitive and organic growth since formation in 2010.

The coming years for Valeo will be about transformation to leverage the group size opportunity; to integrate the businesses in a more optimal way to extract synergies and upgrade capabilities for future growth, to enhance the commercial portfolio and to make a significant number of further acquisitions within our strategic growth categories.

Job Description

We're entering into a new era of security at Valeo Foods Group. Until now, each Valeo Company has managed IT security independently. But times are changing.

Enter the Group Information Security Department. Our goal? To elevate security standards across all Valeo companies in the face of rising cyber threats.

The security analyst is responsible for improving the overall security posture of the organization. The analyst evaluates, tests and documents security solutions and controls, and works closely with other security team members and IT Teams to remediate risk while ensuring the business is able to innovate.

The Security analyst will be responsible for reporting on the ongoing security posture, monitoring & driving security project implementations and delivery across all Valeo companies.

In this role you must continually adapt to stay a step ahead of cyber attackers and stay up to date on the latest methods attackers use to infiltrate computer systems. The Security Analyst is expected to consistently learn and grow and expand their skillset.

Essential Job Duties
 

• Security Solutions:
  • Implement and manage security solutions.
  • Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.

• Governance:
  • Assist with security configuration standards for systems and business applications.
  • Track progress of all security controls across all Valeo companies, facilitating monthly meetings with each to review progress and set upcoming targets.
  • Document and provide formal monthly reporting on security control status and security project implementation status.
  • Monitor and report on disaster recovery testing status across all Valeo companies.
  • Conduct and review vendor cyber risk assessments.

• Project Management:
  • Participate in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met.
  • Participate in/project manage new security solution implementations.

• Incident Management:
  • Continuously monitor security alerts raised by SOC and respond to potential security incidents.
  • Serve as an additional security team member, aiding in incident response (IR) with the IR and SOC teams.
  • Maintain accurate documentation of security incidents.

• Vulnerability Management:
  • Manage the internal vulnerability management solution.
  • Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations (in conjunction with other Security team members) and validation.
  • Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure.

• Penetration testing
  • Run Penetration testing campaigns (from start to finish), liaising with 3rd parties and IT teams to track and ensure remediation as required.

Qualifications

• At least 3 years of information security experience (or combination of 3 to 5 years of IT system administration with security).
• Expertise in incident response and system monitoring and analysis.
• Ability to effectively communicate business risk as it relates to information security.
• Experience in conducting risk assessments that protect the business and adhere with compliance and privacy laws.
• Knowledge of multiple computing platforms, including Azure, Windows, Linux, Unix, networks and endpoints.
• Experience conducting organization-wide vulnerability scanning and remediation processes.
• Experience with Vulnerability management monitoring and remediation investigation.
• Experience with vulnerability and penetration testing engagements

Certification Requirements

• Relevant Security Certifications are advantageous - CompTIA Security+, CISSP, Certified Ethical Hacker (CEH), or equivalent.