Role: Penetration Testing & GRC Coordinator
Location: Sheffield (UK) - preference for local/regular on-site presence
Context & Rationale
Our client is strengthening its cyber security assurance and regulatory posture across a complex, multi-regional technology environment. As part of this, they require a specialist coordination role to ensure regulatory and risk-driven penetration testing programmes are delivered consistently, efficiently, and with clear accountability.
This is a non-hands-on penetration testing role. The value lies in orchestration, governance, stakeholder engagement, and clarity-particularly across geographically distributed teams and regulators.
A critical differentiator for this position is the need for fluent Arabic language capability, supporting engagement with MENAT (Middle East, North Africa & Turkey) technology teams and regulatory stakeholders.
Role Purpose
The Penetration Testing & GRC Coordinator will act as the central control point between:
Internal technology and application teams
Third-party penetration testing vendors
Cyber security, risk, and compliance functions
Regional MENAT stakeholders and regulators
The role ensures penetration testing is properly scoped, well-communicated, regulator-ready, and that outcomes are clearly understood and actioned internally.
Key Accountabilities Penetration Testing Coordination
Coordinate end-to-end penetration testing activities across multiple technology teams.
Ensure all required technical information, artefacts, and access details are gathered and validated prior to testing.
Act as the primary interface with approved third-party penetration testing providers.
Manage timelines, dependencies, and deliverables across concurrent testing engagements.
Reporting & Outcomes Management
Receive, quality-check, and distribute penetration test reports.
Support internal stakeholders in understanding findings, severity, and remediation expectations.
Track remediation actions, re-testing requirements, and formal risk acceptance where applicable.
Maintain auditable records of testing outcomes and closure status.
GRC & Regulatory Support
Support regulatory-mandated penetration testing programmes and assurance activities.
Ensure alignment with internal security policies, risk frameworks, and audit expectations.
Assist with regulator-facing communications, particularly across MENAT, including Arabic-language engagement where required.
Contribute to governance artefacts such as risk registers, assurance packs, and executive reporting.
Stakeholder Engagement
Act as a trusted intermediary between technical teams, security leadership, risk/compliance, and external vendors.
Translate technical outputs into clear, actionable insights for non-technical stakeholders.
Support cross-regional collaboration and consistency of approach.
Candidate Profile Essential Experience
Proven experience coordinating penetration testing, vulnerability management, or security assurance activities.
Strong understanding of the penetration testing life cycle, reporting, and remediation processes.
Experience operating within GRC, risk, audit, or regulatory security environments.
Demonstrated ability to manage multiple stakeholders and workstreams simultaneously.
Fluent Arabic (spoken and written) - non-negotiable.
Strong professional English communication skills.
Desirable Experience
Experience within regulated industries (eg financial services, large enterprise, critical infrastructure).
Exposure to international or multi-regional operating models.
Background in cyber security operations, technology risk, or assurance functions.
Familiarity with common security and risk frameworks.
Location & Working Model
Sheffield-based role with a strong preference for candidates able to attend the office regularly.
Limited flexibility may be considered, but geographic proximity remains important due to stakeholder engagement needs.