Penetration Tester

Role: Penetration Testing & GRC Coordinator
Location: Sheffield (UK) - preference for local/regular on-site presence

Context & Rationale

Our client is strengthening its cyber security assurance and regulatory posture across a complex, multi-regional technology environment. As part of this, they require a specialist coordination role to ensure regulatory and risk-driven penetration testing programmes are delivered consistently, efficiently, and with clear accountability.

This is a non-hands-on penetration testing role. The value lies in orchestration, governance, stakeholder engagement, and clarity-particularly across geographically distributed teams and regulators.

A critical differentiator for this position is the need for fluent Arabic language capability, supporting engagement with MENAT (Middle East, North Africa & Turkey) technology teams and regulatory stakeholders.

The Penetration Testing & GRC Coordinator will act as the central control point between:

• Internal technology and application teams
• Third-party penetration testing vendors
• Cyber security, risk, and compliance functions
• Regional MENAT stakeholders and regulators

The role ensures penetration testing is properly scoped, well-communicated, regulator-ready, and that outcomes are clearly understood and actioned internally.

• Coordinate end-to-end penetration testing activities across multiple technology teams.
• Ensure all required technical information, artefacts, and access details are gathered and validated prior to testing.
• Act as the primary interface with approved third-party penetration testing providers.
• Manage timelines, dependencies, and deliverables across concurrent testing engagements.

• Receive, quality-check, and distribute penetration test reports.
• Support internal stakeholders in understanding findings, severity, and remediation expectations.
• Track remediation actions, re-testing requirements, and formal risk acceptance where applicable.
• Maintain auditable records of testing outcomes and closure status.

• Support regulatory-mandated penetration testing programmes and assurance activities.
• Ensure alignment with internal security policies, risk frameworks, and audit expectations.
• Assist with regulator-facing communications, particularly across MENAT, including Arabic-language engagement where required.
• Contribute to governance artefacts such as risk registers, assurance packs, and executive reporting.

• Act as a trusted intermediary between technical teams, security leadership, risk/compliance, and external vendors.
• Translate technical outputs into clear, actionable insights for non-technical stakeholders.
• Support cross-regional collaboration and consistency of approach.

• Proven experience coordinating penetration testing, vulnerability management, or security assurance activities.
• Strong understanding of the penetration testing life cycle, reporting, and remediation processes.
• Experience operating within GRC, risk, audit, or regulatory security environments.
• Demonstrated ability to manage multiple stakeholders and workstreams simultaneously.
• Fluent Arabic (spoken and written) - non-negotiable.
• Strong professional English communication skills.

• Experience within regulated industries (eg financial services, large enterprise, critical infrastructure).
• Exposure to international or multi-regional operating models.
• Background in cyber security operations, technology risk, or assurance functions.
• Familiarity with common security and risk frameworks.

• Sheffield-based role with a strong preference for candidates able to attend the office regularly.
• Limited flexibility may be considered, but geographic proximity remains important due to stakeholder engagement needs.