Director of Security & Trust

Attio is on a mission to redefine CRM for the AI era.

We’re building the first AI-native CRM — designed for the most ambitious go-to-market teams. We recently announced our $52M Series B, led by GV (Google Ventures), with support from Redpoint, Balderton, Point Nine, and 01A. Our team thrives on solving complex technical challenges, delighting our users, and setting a new standard for the industry.

About the role

Our Engineering team tackles the toughest challenges, so our users never have to. Real-time infrastructure, AI-native architecture, and a frontend that feels effortless — all powered by a team that moves fast, thinks rigorously, and holds an exceptionally high bar for quality.

We’re looking for a Director of Security & Trust who cares deeply about delivering a secure service in a high scale, multi-tenant SaaS context — and wants to help reinvent how millions of people work.

What you'll do

• Build and lead Attio’s Security function. Create policy and best practice, implement compliance programs, and recruit and develop a recognized leading security team as the company rapidly scales.
• Develop and execute a world-class Product Security program. Secure Attio’s large-scale SaaS platform, and the sensitive customer data on which it operates, ultimately delivering and safeguarding customer trust in the Attio brand. Ensure that Attio is at the forefront of secure software development and operational practices.
• Lead Attio’s Corporate Security program. Create and implement Information Security policy and compliance mechanisms; select and implement appropriate security vendors and tools.
• Drive Attio’s compliance with appropriate security frameworks and certifications, e.g. ISO 27001, GDPR, SOC2.
• Represent Attio externally on security topics; be a trusted security partner for Attio’s customers, and participate in industry events to build brand awareness.
• Lead security incident response; deeply understand security issues and their associated root causes and risks, create remediation plans, and drive to resolution.

What you'll bring

• Experience securing Web applications, REST APIs, and cloud-native architectures
• Proficiency in threat modelling and finding security flaws in source code
• Experience with vulnerability management and supply chain security
• Practical understanding of cryptography, key management, and data protection
• Strong coding and automation skills, especially in building security into CI/CD pipelines
• Experience with TypeScript, Node.js, or Pulumi is a nice to have
• Full understanding of the Application Security and Data Privacy landscape in a high scale, multi-tenant SaaS context.
• Appreciation of the tools and techniques used to secure SaaS applications, through prevention, detection and remediation of security issues. Understanding of how to integrate those tools into an effective, scalable, cost-efficient program that delivers a secure service and builds customer trust.
• Understanding of the requirements of the various applicable security certifications and frameworks, and the ability to run programs which deliver compliance.
• First-class incident response skills, through the entire incident lifecycle of detection, remediation, clean-up, and post-incident corrective action.
• Ability to communicate Attio’s security philosophy and technical approach to a wide variety of audiences; equally at home discussing technical detail of a security issue with an engineer, and with a Fortune 500 CEO. Ability to understand and contextualize security risks to Attio, and communicate those risks actionably at board level.
• Ability to recruit, retain and develop a high-quality Information Security team which continues to deliver for the business as Attio scales.

Nice to have’s

• Experience of running an Application Security program in a high scale, multi-tenant SaaS context.
• Experience of running a Corporate Security or IT Security program in a >100 person organization.
• Experience of hiring and managing a team of Security Engineers, and working with cross-functional partners.
• Experience of security certification and re-certification programs.
• Project or program management experience.
• Background in software engineering or systems administration.

What we offer

• Equity in an early-stage tech company on an incredible trajectory
• 25 days holiday plus local public holidays
• Apple hardware
• Private medical insurance through AXA
• Pension contribution through Hargreaves Lansdown
• Enhanced family leave
• Team off-site in fun places! (We've been to Barcelona, Lisbon, Malta, and Split so far)

What does the hiring process look like?

1. Recruiter Screen ~ 30 minutes

2. Hiring Manager Interview ~ 30 minutes

3. Technical Rounds ~ 3 x 45 minute interviews

4. Final call with CEO ~ 30 minutes

5. Offer Stage