We work with organisations of all sizes, working directly and through partners. Our smallest client has one employee and our largest clients operate globally with offices in multiple countries. Our clients are located in the UK, the EU, Australia, the United States and globally.
Our offices are in Southampton, London and Manchester and we have consultants based across the UK. We are certified to ISO 9001, ISO 27001 and Cyber Essentials and CREST approved for penetration testing and vulnerability assessment services.
Our clients operate in healthcare, financial services, travel, hospitality, marketing, education, construction, property management, technology, software development, software-as-a-service, local government, legal services, critical infrastructure and other sectors.
Our clients operate across multiple industries, and we support organisations from small start-ups to multi-national businesses.
We genuinely believe that good data protection and information security is a competitive advantage as well as a compliance obligation. Having a relationship of trust with your customers, partners and your wider supply chain is more important than ever.
At the same time, there isn’t a ‘one size fits all’ approach to privacy and security. Good data protection and information security need to be risk led and your approach to both should be aligned with your business strategy.
For these reasons, we start every engagement by learning as much about your organisation as we can. We’ll ask about your size, structure, management systems, working practices, culture, strategy and specific objectives from our engagement.
We pride ourselves on being transparent and taking a real-world approach to meeting your needs. We promise open communication, relationships built on respect, honesty and a strong work ethic with no hard sell.
Sean specialises in data protection, information risk and information security consulting. He is a qualified barrister, having been called to the Bar in 1998, and started his career as an in-house lawyer working in intellectual property, data protection and commercial contracts. He later progressed into commercial leadership roles, working in a number of sectors before specialising in governance, risk and compliance with a focus on privacy and security. Sean is also Managing Director at Evalian®.
His qualifications include IAPP CIPP-E, CIPT, GDPR Practitioner Certificate, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor and CISMP.
Philip consults on data protection and acts as an outsourced DPO for clients. He has a long history of working with innovative, technology-led businesses and in technology licensing. He is experienced in building and supporting operational and compliance business functions, including HR, ICT, H&S and Quality Management Systems. Phil is also Operations Director at Evalian®.
His qualifications include IAPP CIPP-E, ISO 27001 Lead Implementer, CIPD and APM. He also holds an MBA from Imperial College.
Chris is our Commercial Director, with responsibility for client care and business development. He has a strong knowledge of data protection, information security, penetration testing and ISO 27001.
Prior to joining Evalian®, Chris has worked with early-stage and fast-growing companies in the software, information security and data protection space, and has spent time living and working in Europe as well as here in the UK.
Nicola is a co-founder of Evalian® and has served as a director of the business since its formation. She supports business operations including facilities, finance, office management and company secretarial matters.
Before moving into business administration, Nik’s background was in life sciences at early-stage, growth companies. She has been instrumental in the development of new life science products and arising intellectual property rights, working with partners and collaborators in Europe and the US.
Marcus leads our cyber consulting team and is a senior security consultant specialising in cyber security; including strategy, security transformation, risk management, incident response and supply chain assurance. His career started in the British Army where he delivered multifaceted operational solutions often in austere settings. Since leaving the military, Marcus has worked in senior security consulting roles, across numerous sectors.
He has three Masters degrees including an MSc in Information Security from Royal Holloway, University of London; he holds ISACA's CISM and CGEIT certifications; is a Chartered Engineer and a graduate of the British Military's esteemed Advanced Command and Staff Course.
Alex is our Head of Penetration Testing Practice, specialising in security testing of IT infrastructure, web applications and mobile applications. He started his career as a software developer before moving into ethical hacking and security consulting. Alex leads our penetration testing team
His qualifications include Cyber Scheme Team Leader (CSTL), Offensive Security Certified Professional (OSCP) and Qualified Security Team Member (QTSM).
Ray specialises in data protection and information rights law. He is a qualified solicitor and worked in private practice and in-house in commercial law roles before focusing on data protection. Before joining Evalian® he was in-house counsel and Data Protection Officer for a high street financial services organisation and their associated businesses.
His qualifications include a First Class Honours Degree in Law, LPC (Distinction), Practitioner Certificate in Data Protection (PC.dp) and IAPP CIPP/E.
Daniel consults on ISO 27001, ISO 22301, ISO 9001 and business continuity. He has specialised in organisational resilience for much of his career, working as a consultant and in-house for multi-national organisations. He is also Head of our ISO & Business Continuity Practice.
He is an ISO 27001 and ISO 22301 Lead Auditor and a Member of the Business Continuity Institute, MBCI.
David is a senior security consultant specialising in governance, risk management, enterprise and systems architecture, and cloud security. He has worked across both commercial organisations and government departments in a variety of security-focused roles. Aside from information security, he has also previously advised on data protection, physical security, security of critical national infrastructure, and occasionally audited a management system or two.
Alongside his academic qualifications, his industry certifications include: (ISC)2’s CISSP and CCSP; IAPP’s CIPP/E; various Microsoft 365, Azure and AWS qualifications; and TOGAF 9 Practitioner. He is also a National Cyber Security Centre Certified Cyber Professional.
Matt consults on information and cyber security, including incident response, security awareness and training, security gap analysis and certification advisory. Matt started his career working in large multinationals where he gained experience delivering large system implementations, leading projects, and handling key stakeholder relations.
He holds an MSc in Information Security from Royal Holloway, University of London.
Thomas is one of our penetration testers, specialising in IT infrastructure and web application testing. He started his career as a creative media and software developer before moving into security consulting, centred around Cyber Essentials certification services.
His qualifications include CREST Practitioner Security Analyst (CPSA) and he is working towards gaining his CREST Registered Tester (CRT) qualification.
Fiona is one of our penetration testers, specialising in infrastructure, web app and mobile app testing. She has experience in information security within financial services organisations. She is particularly experienced in providing PCI DSS consultancy and testing to major banks, insurance companies and retail organisations.
Her qualifications include CRT, CISSP, OSCP, GWAPT and CISA.
Sneha works as a security consultant and penetration tester, with a range of experience testing web apps, mobile apps, and vulnerability testing. Over the past 4 years, Sneha has performed testing for banks, stock exchanges, manufacturing companies, and government agencies.
Sneha has completed a Bachelors in Instrumentation Engineering in India, followed by a PG Diploma in IT Infrastructure, Systems and Security (PG-DITISS).
Phillip consults on data protection, e-privacy and freedom of information, and acts as outsourced DPO for clients. He worked for the Information Commissioner's Office for 8 years, as a Case Officer and later as a Lead Policy Officer.
Since leaving the ICO, Phillip has worked as a specialist data protection consultant and outsourced Data Protection Officer. He holds the ISEB Practitioner Certificate in Data Protection.
Sandra is an experienced senior data protection consultant and is a designated DPO for Evalian® clients. Sandra spent much of her career as a litigation lawyer and over the last ten years has been focusing on specialising in data protection.
Sandra's qualifications include BCS Practitioner Certificate in Data Protection, ISEB Certificate in Data Protection, as well as being a FCILEx (Fellow of the Chartered Institute of Legal Executives).
Laura consults on data protection. Prior to joining Evalian® she worked for the Information Commissioners Office (ICO) and has over 8 years experience of working in data protection roles in the financial and retail sector.
Laura's qualifications include a Bachelors of Law (LLB) and the Data Protection Practitioners Certificate.
Ravi is an experienced data protection consultant and is a designated DPO for Evalian® clients. He has worked in data protection and privacy for over 8 years and as a data protection consultant for over 5 years. His experiences include multiple industries and sectors such as music, gaming, logistics, medical device, education and charities.
Ravi’s qualifications include an LL.B (Hons) Law and GDPR Practitioners Certificate.
Isabela is a Data Protection Consultant and a Certified International Privacy Professional in Europe and the UK. Prior to joining Evalian®, she worked for the global data protection and compliance department of a Fortune 500 company and as an outsourced Data Protection Consultant helping small and medium-sized businesses comply with data protection regulations.
Jonathan is a Data Protection Advisor, who has built up experience in both the private and public sectors. His work history includes roles within Information Governance and Freedom of Information as well as Corporate Services and Education Admissions.
At present, he holds the UK GDPR Practitioners Certificate and is currently working towards the BCS Practitioners Certificate in Data Protection.
Joe is our Business Development Manager and acts as the primary point of contact for new clients. He prides himself on always employing a trust-based sales methodology and ensuring every client’s needs and pain points are truly understood.
Prior to joining Evalian®, Joe has had a successful career working in sales, primarily in technology-focused companies. Most recently, he was Head of Sales for a software company in which he was a key member of the team, leading to the company securing external investment.
Lauren is our in-house Client Operations Manager. She sits at the heart of our business, making sure that our services are delivered to the highest quality and on time, our policies and processes are followed, and accurate time recording is maintained.
Before joining us she spent several years in performance analyst/project managerial roles in two leading cyber security consultancies. With strong communications skills, logical thinker, and problem solver, Lauren is great at building successful consultant/client relationships.
Kate is our Marketing Manager. She started out her career in graphic design and eLearning and has a number of years' experience in corporate branding, communications and marketing, predominantly within the Oil & Gas / Energy industry.
Her qualifications include a First Class Honours degree in Visual Communication from Robert Gordon University, as well as certificates in Social Media, Digital Marketing and Google Ads.
Hannah is our in house writer, working with consultants on articles, guides, advisories and blogs and writing our news updates on data protection and information security topics. She has a background in content creation and PR, specialising in technology, data and consumer topics.
Her qualifications include a BA in English Language and Literature from Royal Holloway University, London.
Graham is a senior software engineer, specialising in robust end-to-end websites, mobile and desktop applications. He started his career as hardware engineer at a local family-run computer shop.
Since leaving the field of hardware to go into software, Graham has worked on numerous projects over his years of experience, ranging from online auction software, prescription pharmaceutical solutions, to energy performance certificate calculation engines.
Tara is a junior software engineer, with a background in accounting and social care. Following a lifelong love of computing, Tara decided to pursue a new career and complete a BSc(Hons) in Computing with The Open University.
With years of hobbyist web development experience, Tara specialises in front-end development and project management and supports the development team.
Debbie is our Finance and Operations Manager. She is a qualified CIMA accountant with vast experience in Financial Management & Control in a range of businesses. She is our main contact for financial matters but also will be supporting the general business operations including HR and office administration.
Ed is our IT Manager with IT experience gained in multiple sectors including Managed services, Education and Financial Services. He has been involved in providing IT services to organisations ranging from start-ups to multi-national organisations.
Our team is growing and we are always on the lookout for skilled and experienced individuals. If you think you would be a “good fit” at Evalian®, then we would love to hear from you, particularly if you have experience in data protection, GDPR consultancy, cyber security or penetration testing.
Visit our careers page to view our latest roles and to apply. If you can’t see a job here suited to your expertise, please feel free to contact us with your CV and cover letter.