Company Description

Evelyn Partners is a UK leader in wealth management, providing personalised, expert investment management and financial planning advice to support clients in embracing what’s next.

Our success hinges on our people and that’s our secret for longevity. We are a team of passionate professionals and everything we do is guided by our purpose – placing the power of good advice into more hands, we go further to understand the needs of our clients and what matters most to them. We’re here to help them make significant decisions with confidence, provide strong foundations for the future and guide them towards their goals.

Job Description

What will you be doing?

We’re seeking a talented individual to join our team in Liverpool, which is responsible for the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across the Evelyn Partners Enterprise.

You will play a crucial role in ensuring our organisation’s compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.

As Information Security Compliance Analyst, your responsibilities will include among others:

• Define, develop, and maintain security best practice by implementing technical standards, policies, and processes, and providing expert advice to stakeholders to ensure regulatory and legal compliance.
• Drive continuous improvement of the security posture through internal and external cybersecurity collaboration, actively contributing to industry and partner engagements.
• Prepare and present clear, actionable security reports, including risk metrics, trends, findings, and ratings, to inform decision‑making by senior stakeholders.
• Lead information security risk management activities, including risk assessments, control reviews, residual risk evaluation, and recommending mitigating actions; maintain and manage the security risk register.
• Identify and assess emerging and existing information security risks using internal sources (e.g. audits, penetration tests) and external intelligence (e.g. threat feeds, industry advisories), ensuring risks to confidentiality, integrity, and availability are effectively managed.
• Support compliance and engagement initiatives by managing ISMS activities, audits, certifications (e.g. ISO 27001, Cyber Essentials, NIST CSF), and working closely with internal teams and security partners to embed a strong, risk‑aware security culture.

Qualifications

To be successful in this role, you should:

• A minimum of 3 years experience in an Information Security based role, dealing specifically with governance, risk and compliance areas and undertaking information security in both a waterfall and an agile context.
• Prior experience writing Information Security related Policies, Processes and Procedures.
• Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
• A record of accomplishment of effectively analysing security controls, while understanding the risk of certain controls not being in place.
• The ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders while working proactively, pragmatically and collaboratively in a fast-paced working environment, balancing multiple concurrent activities.
• Experience in using standards such as ISO 27001 (Implementation, Compliance, Certification, and audit reviews), NIST CSF, and Cyber Essentials.

Desired:

• Degree or equivalent in Information Technology or Risk Management is preferred.
• Certification in Information Security domains is preferred, especially around ISO27001.
• Certification in cloud architectures is advantageous, especially Microsoft Azure

Additional Information

As a colleague here at Evelyn Partners, you will have access to benefits that include:

• Competitive salary
• Private medical insurance
• Life assurance
• Pension contribution
• Hybrid working model (role dependant)
• Generous holiday package
• Option to purchase additional holiday
• Shared parental leave

We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At Evelyn Partners we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workspace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.

We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process. Please let your Recruiter know.

Location: Abidjan, Côte I’voire or Dakar, Senegal

About Djamo

Djamo is a Series B neobank serving over 1 million customers across Francophone Africa. We’re the first fintech to receive a BCEAO microfinance license and the leading card issuer in Côte d’Ivoire. Our engineering team is 27 strong, organized into cross-functional squads that own end-to-end product experiences, from virtual cards and transactions to savings, credit, and customer support.

We’re growing fast, but we’re deliberate about how. We care about reliability, security, and shipping things that actually work for our customers.

Why this role exists

We’re a bank. Security isn’t optional, it’s existential. Today we rely on external vendors for penetration testing across four scopes: our Dakar office, Abidjan office, cloud infrastructure, and applications.

We need an in-house penetration tester who knows Djamo deeply, can test continuously rather than annually, and becomes a true security partner to our engineering teams. This hire saves money from year one while dramatically improving our security posture.

What you’ll do

• Plan and execute penetration tests across all four scopes: office networks (Dakar, Abidjan), cloud infrastructure (AWS), and applications (web + mobile).
• Conduct regular vulnerability assessments and produce clear, actionable reports for engineering teams.
• Work with engineering squads to verify fixes and retest after remediation.
• Contribute to Djamo’s security posture by identifying systemic weaknesses, not just individual vulnerabilities.
• Support PCI DSS compliance by providing evidence of regular security testing.
• Stay current on emerging threats and attack techniques relevant to fintech and banking.
• Travel periodically to Abidjan and Dakar offices for on-site network and physical security assessments.

What we’re looking for

Must have:

• 3+ years of hands-on penetration testing experience.
• Strong web application and API security testing skills (OWASP Top 10 and beyond).
• Network penetration testing experience (internal and external).
• Experience with common pen testing tools: Burp Suite, Nmap, Metasploit, Nessus/OpenVAS, etc.
• Ability to write clear, prioritized vulnerability reports that engineering teams can act on.
• Clear communication in English: written and verbal.
• Willingness to travel periodically between Dakar and Abidjan.

Strong plus:

• OSCP, OSCE, OSWE, or equivalent certification.
• CEH, GPEN, or other recognized security certifications.
• Mobile application security testing (Android/iOS).
• Cloud security assessment experience (AWS).
• Experience in fintech, banking, or PCI DSS-regulated environments.
• French-speaking.
• Experience with infrastructure-as-code security review (Terraform, Kubernetes).

What we’re NOT looking for:

• Someone who runs automated scanners and calls it a pen test. We need manual testing depth.
• A researcher who can find vulnerabilities but can’t communicate them clearly to developers.

What success looks like after 6 months

• You’ve completed a full cycle of pen tests across all four scopes.
• Engineering teams trust your reports and act on them promptly.
• We’ve reduced or eliminated our dependency on external pen test vendors.
• You’ve identified and helped remediate systemic security issues, not just surface-level findings.
• You have a testing calendar that ensures continuous coverage rather than annual point-in-time assessments.

How we work

• Remote-first, asynchronous by default.
• Small engineering team (27 engineers) your impact will be visible and immediate.
• We take reliability and security seriously: we’re a bank, not a social app.
• You’ll work closely with the ISSM, engineering squads, and infrastructure team.

Why work at Djamo

• Balance between autonomy and collaboration, insight and intuition, work and life.
• Work in small, open, friendly teams to create beloved products and services.
• Ethical and stimulating environment.
• Contribute to the rapid expansion of a startup in French-speaking Africa.
• Positively impact millions by providing simple and fair banking.
• Collaborative, fun environment with strong team spirit and a culture of continuous employee development.

We will consider all applications on the same basis. Djamo is an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. You are not ticking every box or thinking you’ve got that unique set of skills we haven’t realized we need. Apply anyway; we’re always looking to add great people at every level.

Type of contract

CDD / CDI - for residents of Côte d’Ivoire or Sénégal

Desired start date

June 2026

Sector of activity

Mobile Financial Services