This is as a crucial role within our Data Governance & Information Security team and is responsible for co-ordinating and assisting with managing the penetration testing lifecycle process for technology releases across DGIS, including but not limited to, new asset projects, annual business-as-usual and regulatory testing requirements as well as ad hoc testing initiatives.
About the Team
Our Data Governance & Information Security team is at the heart of protecting the organisation's systems, data, and people. We work across all areas of the business to identify risks, strengthen defences, and ensure compliance with industry standards and regulations.
We value accountability, curiosity, and continuous improvement, and we're passionate about building a culture where security is second nature. Joining us means being part of a team that tackles evolving threats, drives awareness, and helps the organisation remain resilient and trusted.
What you need to do
We're seeking a Security testing co-ordinator that can co-ordinate, deliver and continuously improve a critical function to strengthen our Information Security team.
The role also schedules activities in alignment with project requirements. Responsibilities include arranging test execution to support technology release priorities and change initiatives, distributing detailed reports of findings, and assisting with the assignment and tracking of remediation actions.
These engagements involve close collaborations with both internal teams and external service providers, engaging with management and stakeholders to provide strategic insights, and collaborating with specialised groups such as the SOC, internal red and purple teams to ensure comprehensive security coverage.
Key responsibilities include
* Assist with the full penetration testing lifecycle, including technology releases, BAU schedules, PCI compliance, and ad hoc assessments. Ensure all activities align with enterprise security strategy, regulatory obligations, and organisational risk appetite.
* Review and prioritise testing scope based on risk assessment provided. Integrate security validation into project timelines to minimise exposure during technology deployments and critical change initiatives.
* Deliver actionable vulnerability reports, maintain visibility of organisational risk posture, and ensure timely remediation tracking to reduce exposure and strengthen security maturity.
* Maintain a centralised vulnerability management database with accurate asset information. Ensure data integrity to support informed decision-making and compliance reporting.
* Drive process optimisation and service enhancements using KPIs, lessons learned, and industry best practices. Foster continuous improvement to enhance testing efficiency and organisational security posture.
* Engage with SOC, red/purple teams, and external partners to ensure comprehensive threat coverage. Align testing activities with threat intelligence and enterprise risk management objectives.
Essential Criteria
* Demonstrated experience in coordinating penetration testing activities across complex technology environments, including BAU, regulatory, and project-based initiatives.
* Strong understanding of vulnerability management principles and penetration testing methodologies.
* Proven ability to manage multiple priorities and deadlines, ensuring alignment with organisational risk appetite and compliance requirements.
* Excellent stakeholder engagement skills, with experience collaborating across internal teams (e.g., SOC, red/purple teams) and external service providers.
* Competence in maintaining accurate records and reporting, including centralised vulnerability databases and remediation tracking.
* Ability to drive process improvements and implement best practices to enhance testing efficiency and security posture.
* Familiarity with relevant regulatory frameworks and standards (e.g., PCI DSS, ISO 27001, NIST).
* Strong organisational and communication skills, with attention to detail and a proactive approach to problem-solving.
* Familiarity of working with Jira.
Advantageous
* Ability to interpret and communicate technical findings to non-technical stakeholders.
* The role could suit someone who has an IT project or delivery management background and is intent on moving into Cyber Security.
* Implementing or editing Jira spaces to organise work, develop dashboards and improve workflows.
In return you'll get:
* Colleague discount across the multi-brands – Sainsbury's, Argos and Habitat
* Holiday allowance
* Bonus scheme
* Pension plan
* Special offers on gym memberships, restaurants, holidays, retail vouchers and more
Flexible working and job share conversations are encouraged. Across our multi-brands, we're proud to be an equal opportunities employer that champions a diverse and inclusive culture. If you're reading this, even if you're not 100% sure you're there with your experience, we'd still love to hear from you. If you'd like to find out more head to Sainsbury's Tech