Cyber Security Architect

Technology is at the heart of YOOX NET-A-PORTER GROUP and is the driving force behind its success. Our in-house technology team allows The Group to give customers and brand partners the best possible experience across content and commerce, and to continually innovate and lead the online luxury industry._

The Information Security Function is an international team with team members based in London, Bologna and Milan. It is responsible for all aspects of the technical security of YNAP’s services in all markets. The teams that compose it are Cyber Engineering, Assurance, Operations and Governance. We also interface with the Richemont Group Cyber-Security team based in Geneva.

The Information Security Function is now looking for a talented Cyber Security Architect to join the team.

Some of the essentials for you to know are:
Location: Our office in Zola Predosa or Milan
- Reporting into: Global Head of Information Security
- Department Size: 20 people (Approx.)

As a Cyber Security Solution Designer and Architect within the Information Security Team you will work with the Global Head of Cyber Security, Cyber Security Assurance Manager, Cyber Security Engineering Manager and team Security Architect to investigate new cyber technologies, assist in the trial and later design for deployment of such technologies within the YNAP Group. This will be part of a philosophy to continually enhance the security of YNAP systems and data.

This work will span from reviewing possible new technologies, planning and introduction of a Proof-of-Concept trials, improving the configuration and efficacy of existing systems through to scoping and designing the introduction of new technologies, enhancement of existing technologies or the decommission of services.

You should have a solid technical understanding and background and be equally comfortable helping to investigate new approaches to secure system, designing solutions and assisting in deployment planning and coaching other team members in new technologies and techniques. You can both ‘think strategy’ and roll your sleeves up and help get things delivered.

Here's a background of what you'll be doing:
- Gaining a total understanding of the organization’s technology and information systems- Responsible for design and test aspects of enterprise-class security systems, create and maintain low level design documentation- Planning, researching, and designing reliable, powerful, and flexible security architectures for all IT projects- Researching the latest security standards, new security systems, and updated authentication protocols-
- Collaborate with the Cyber Security Assurance to create solutions that balance business requirements with information and cyber security requirements- Design solutions to mitigate threats as they emerge- Engage with and support projects/efforts seeking to implement secure solutions to meet compliance and regulatory standards (e.g. GDPR, PCI-DSS)- Work closely with Engineers to oversee and support Solution Implementation and Service Introduction- Collaborate to any security-related incidents (e.g., data breaches, viruses, phishing scams) and providing a complete post-event analysis once there is a resolution- Assist in identifying security design gaps in existing and proposed architectures, and drive change or enhancement- Continually review our security environment working to identify security gaps and evaluating and driving enhancements- Align security tooling landscape and configuration with overall business and technology strategy- Assess and evaluate the impact of proposed changes to identify Risk and work to minimise identified Risks through technical solutions- Make and drive recommendations to improve operational effectiveness- Provide go/no go to projects based on Security test outputs and remediation activities.- Work closely with Engineers within the team to ensure systems and services are aligned with designs, and to lead / mentor technical decision making.- Maintain a good awareness of the network flows processed through each tool allowing you to make rapid assessments of the impact of proposed changes.- Collaborate with other infrastructure and ecommerce teams as well as external vendors, either around resolving issues and enhancing the protection delivered by services, or evaluating new possible solutions to address old problems in a more effective and efficient manner.

The type of person we're looking for:
- Proven deep experience in Information Security and IT Risk Management in leading companies- Excellent knowledge of Cloud architectures, Network and IT Services and Technologies (AWS, Azure)-
- Mastering in networking design with focus on security requirements, such as segmentation/zoning, firewalling- Excellent knowledge of cyber security architectures such as NAC, Firewall, IPS/IDS, WAF, EDR, IAM, PAM, SIEM, etc.-
- Expertise with modern and common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.)- Good knowle