The opportunity
We're looking for an Information Security Manager to take ownership of Attest's security posture as we scale.
Our consumer research platform helps brands make better decisions; keeping our data, people, and customers secure is critical to our success.
If you're excited about shaping security in a fast-growing SaaS company - without the bureaucracy of a big enterprise - this role is for you.
Salary £70,000 - £80,000
In person and remote working balance
We embrace a flexible hybrid work model where Attesters work on-site 2 days per week. This approach allows us to collaborate in person while ensuring enough time remotely for deep, focused work. Learn more about our hybrid working philosophy here.
What You'll Do
As our Information Security Manager, you will define and implement security strategies, ensuring we maintain a strong security foundation without slowing down innovation. You'll work cross-functionally with Engineering, IT, and Legal to embed security across the business, enhance compliance, and proactively manage risks.
Key Responsibilities
- Develop and implement security strategy: aligning security plans with business goals.
- Own our security program: building and maintaining an information security management system.
- Promote security culture: working closely with IT to educate and enable teams across Attest.
- Support with compliance: partner with our Legal team to ensure adherence to ISO 27001, GDPR, and other standards.
- Manage risk proactively: identify and mitigate vulnerabilities across cloud environments and applications.
- Embed secure development: working with Engineering to integrate DevSecOps best practices.
- Enhance threat detection and incident response: improving our ability to react quickly and effectively.
- Assess and secure third-party vendors: ensuring strong security across our ecosystem of vendors and partners.
Amazing benefits
- Work from anywhere up to 80 days a year
- 25 days holiday per year plus additional festive days
- £40 monthly wellbeing budget
- £200 yearly L&D budget, plus access to a larger budget for qualifications and courses
- Private Medical Insurance
- Access to free therapy through Spill
- 2 days per month to do charity or community work
- Enhanced parental leave (18 weeks paid leave for Primary carer)
- Up to 12 weeks paid leave for premature births and neonatal care
- Paid leave for IVF and fertility treatment and pregnancy loss
- Share options
We'd love to hear from you, if
You are looking for a role where you can take ownership of security in a growing company, working with modern technologies and as part of a supportive team. This is a fantastic opportunity for someone to expand their expertise and leadership skills. In particular, we'd love to see:
- Experience in information security, preferably in a SaaS or cloud-based environment.
- Strong knowledge of cloud security (AWS, GCP, or Azure - we use AWS) and DevSecOps principles.
- Experience of implementing and owning an ISO 27001 security framework.
- Hands-on expertise in network security, application security, IAM, and incident response.
- Proficiency with SIEM, IDS/IPS, WAFs, EDR, and vulnerability management tools.
- Understanding of secure coding practices and ability to collaborate with engineering teams.
- Strong communication skills to articulate security risks effectively to technical and non-technical audiences.
- Certifications such as CISSP, CISM, CCSP, or OSCP are a plus but not required.
Why join Attest?
- High impact: Own security in a growing SaaS company where your work matters.
- Modern tech: Work with cutting-edge cloud security tools and practices.
- Supportive team: Collaborate with Engineering, IT, Legal and others to build a secure and scalable business.
- Hybrid flexibility: Enjoy a mix of remote deep work and in-person collaboration.
This role might not be for you if
- You'd like to manage a team. This is currently an IC role, although you will have the support of other teams in the business.
- You have never been through an ISO 27001 or similar security audit process.
- You are looking for a role where you can be remote. We believe that the best way to collaborate is in person and so we have regular office days (twice a week) where we can collaborate and come up with new ideas and perspectives together.