Penetration Tester
Role: Penetration Testing & GRC Coordinator
Location: Sheffield (UK) - preference for local/regular on-site presence
Context & Rationale
Our client is strengthening its cyber security assurance and regulatory posture across a complex, multi-regional technology environment. As part of this, they require a specialist coordination role to ensure regulatory and risk-driven penetration testing programmes are delivered consistently, efficiently, and with clear accountability.
This is a non-hands-on penetration testing role. The value lies in orchestration, governance, stakeholder engagement, and clarity, particularly across geographically distributed teams and regulators.
A critical differentiator for this position is the need for fluent Arabic language capability, supporting engagement with MENAT (Middle East, North Africa & Turkey) technology teams and regulatory stakeholders.
Role Purpose
The Penetration Testing & GRC Coordinator will act as the central control point between:
- Internal technology and application teams
- Third-party penetration testing vendors
- Cyber security, risk, and compliance functions
- Regional MENAT stakeholders and regulators
The role ensures penetration testing is properly scoped, well-communicated, regulator-ready, and that outcomes are clearly understood and actioned internally.
Key Accountabilities
Penetration Testing Coordination
- Coordinate end-to-end penetration testing activities across multiple technology teams.
- Ensure all required technical information, artefacts, and access details are gathered and validated prior to testing.
- Act as the primary interface with approved third-party penetration testing providers.
- Manage timelines, dependencies, and deliverables across concurrent testing engagements.
Reporting & Outcomes Management
- Receive, quality-check, and distribute penetration test reports.
- Support internal stakeholders in understanding findings, severity, and remediation expectations.
- Track remediation actions, re-testing requirements, and formal risk acceptance where applicable.
- Maintain auditable records of testing outcomes and closure status.
GRC & Regulatory Support
- Support regulatory-mandated penetration testing programmes and assurance activities.
- Ensure alignment with internal security policies, risk frameworks, and audit expectations.
- Assist with regulator-facing communications, particularly across MENAT, including Arabic-language engagement where required.
- Contribute to governance artefacts such as risk registers, assurance packs, and executive reporting.
Stakeholder Engagement
- Act as a trusted intermediary between technical teams, security leadership, risk/compliance, and external vendors.
- Translate technical outputs into clear, actionable insights for non-technical stakeholders.
- Support cross-regional collaboration and consistency of approach.
Candidate Profile
Essential Experience
- Proven experience coordinating penetration testing, vulnerability management, or security assurance activities.
- Strong understanding of the penetration testing life cycle, reporting, and remediation processes.
- Experience operating within GRC, risk, audit, or regulatory security environments.
- Demonstrated ability to manage multiple stakeholders and workstreams simultaneously.
- Fluent Arabic (spoken and written) - non-negotiable.
- Strong professional English communication skills.
Desirable Experience
- Experience within regulated industries (e.g. financial services, large enterprise, critical infrastructure).
- Exposure to international or multi-regional operating models.
- Background in cyber security operations, technology risk, or assurance functions.
- Familiarity with common security and risk frameworks.
Location & Working Model
- Sheffield-based role with a strong preference for candidates able to attend the office regularly.
- Limited flexibility may be considered, but geographic proximity remains important due to stakeholder engagement needs.