Information Security Manager
Posted 6 days 22 hours ago by Story Terrace Inc.
We're looking for an Information Security Manager to take ownership of Attest's security posture as we scale.
Our consumer research platform helps brands make better decisions; keeping our data, people, and customers secure is critical to our success.
If you're excited about shaping security in a fast-growing SaaS company - without the bureaucracy of a big enterprise - this role is for you.
Salary: £70,000 - £80,000
In person and remote working balance
We embrace a flexible hybrid work model where Attesters work on-site 2 days per week. This approach allows us to collaborate in person, while ensuring enough time remotely for deep, focussed work. Learn more about our hybrid working philosophy here.
What You'll Do
As our Information Security Manager, you will define and implement security strategies, ensuring we maintain a strong security foundation without slowing down innovation. You'll work cross-functionally with Engineering, IT, and Legal to embed security across the business, enhance compliance, and proactively manage risks.
Key Responsibilities
- Develop and implement security strategy: aligning security plans with business goals.
- Own our security program: building and maintaining an information security management system.
- Promote security culture: working closely with IT to educate and enable teams across Attest.
- Support with compliance: partner with our Legal team to ensure adherence to ISO 27001, GDPR, and other standards.
- Manage risk proactively: identify and mitigate vulnerabilities across cloud environments and applications.
- Embed secure development: working with Engineering to integrate DevSecOps best practices.
- Enhance threat detection and incident response: improving our ability to react quickly and effectively.
- Assess and secure third-party vendors: ensuring strong security across our ecosystem of vendors and partners.
Work from anywhere up to 80 days a year
25 days holiday per year plus additional festive days
£40 monthly wellbeing budget
£200 yearly L&D budget, plus access to a larger budget for qualifications and courses
Private Medical Insurance
Access to free therapy through Spill
2 days per month to do charity or community work
Enhanced parental leave (18 weeks paid leave for Primary carer)
Up to 12 weeks paid leave for premature births and neonatal care
Paid leave for IVF and fertility treatment and pregnancy loss
Share options
You are looking for a role where you can take ownership of security in a growing company, working with modern technologies and as part of a supportive team. This is a fantastic opportunity for someone to expand their expertise and leadership skills. In particular, we'd love to see:
- Experience in information security, preferably in a SaaS or cloud-based environment.
- Strong knowledge of cloud security (AWS, GCP, or Azure - we use AWS) and DevSecOps principles.
- Experience of implementing and owning an ISO 27001 security framework.
- Hands-on expertise in network security, application security, IAM, and incident response.
- Proficiency with SIEM, IDS/IPS, WAFs, EDR, and vulnerability management tools.
- Understanding of secure coding practices and ability to collaborate with engineering teams.
- Strong communication skills to articulate security risks effectively to technical and non-technical audiences.
- Certifications such as CISSP, CISM, CCSP, or OSCP are a plus but not required.
- High impact: Own security in a growing SaaS company where your work matters.
- Modern tech: Work with cutting-edge cloud security tools and practices.
- Supportive team: Collaborate with Engineering, IT, Legal and others to build a secure and scalable business.
- Hybrid flexibility: Enjoy a mix of remote deep work and in-person collaboration.
- You'd like to manage a team. This is currently an IC role, although you will have the support of other teams in the business.
- You have never been through an ISO 27001 or similar security audit process.
- You are looking for a role where you can be remote. We believe that the best way to collaborate is in person and so we have regular office days (twice a week) where we can collaborate and come up with new ideas and perspectives together.