Senior Analyst, Cyber GRC

At Ball, integrity and trust are the foundation of who we are. Guided by our core values—"We Care. We Work. We Win.”—we create a culture where every voice matters and every idea drives progress.  

Together with our global employees, customers, and partners, we’re turning bold sustainability goals into reality and shaping a future we can all be proud of. 

Create a new future. Apply Today. 

Primary purpose of the position: 

The Senior Analyst, Cybersecurity Governance, Risk, and Compliance (GRC) is responsible for defining and supporting the execution and day‑to‑day operation of Ball Corporation’s enterprise cybersecurity governance, risk management, and compliance programs.

Reporting to the Director of Cybersecurity Governance, Risk, and Compliance, this role serves as a senior individual contributor who translates governance requirements and risk management expectations into practical, repeatable processes. The Senior Analyst ensures cybersecurity risks are identified, documented, tracked, and reported consistently, and that compliance obligations are supported through evidence, analysis, and coordination with internal stakeholders.

Essential Responsible Areas:

• Support execution of the enterprise cybersecurity risk management program, including risk identification, assessment, documentation, and tracking.
• Perform cybersecurity risk analyses and prioritizate risk based on business impact, likelihood, and risk tolerance.
• Support cybersecurity governance activities, including policy & standard creation, and security control lifecycle management.
• Lead cybersecurity compliance activities, including control evidence collection, assessment support, and remediation tracking.
• Partner with key stakeholders to lead internal and external cybersecurity audits by preparing documentation, responding to inquiries, developing remediation plans, and tracking findings.
• Lead cyber supply‑chain and third‑party risk management activities, including assessments and follow‑up actions.
• Contribute to cybersecurity metrics, dashboards, and management reporting.
• Document risk decisions, exceptions, and remediation actions to ensure transparency and audit readiness.
• Partner with Cyber Defense Operations, Security Architecture & Engineering, IT, and OT Security to ensure risk and compliance requirements are understood and addressed.
• Support regional business and technology teams in executing cybersecurity risk and compliance activities aligned to global standards.
• Assist with region‑specific regulatory and compliance requirements in coordination with the Director and other stakeholders.
• Facilitate communication between regional teams and corporate cybersecurity functions regarding risk assessments, findings, and remediation activities.
• Help ensure consistent application of cybersecurity governance processes across regions while supporting approved regional variations.

Professional & Education Qualification:

• Bachelor’s degree in Information Security, Computer Science, Risk Management, Business Administration, or a related discipline required.
• Minimum of 5–8 years of experience in cybersecurity, technology risk, compliance, or related roles.
• Experience supporting risk assessments, audits, or compliance programs in a global or regulated environment preferred.
• Relevant cybersecurity or risk certifications preferred.

Skills:

• Strong analytical skills with the ability to assess and document cybersecurity risks clearly and accurately.
• Attention to detail and disciplined approach to documentation and evidence management.
• Ability to communicate effectively with technical and non‑technical stakeholders.
• Strong organizational and coordination skills across multiple teams and activities.
• Ability to manage competing priorities and meet deadlines.
• Practical mindset that balances governance rigor with business realities.

Knowledge:

• Working knowledge of cybersecurity governance, risk, and compliance concepts and frameworks.
• Understanding of how cybersecurity risk impacts business operations, manufacturing environments, and supply chains.
• Familiarity with audit processes, control assessments, and remediation tracking.
• Awareness of data protection and regulatory considerations affecting global organizations.
• Understanding of how cybersecurity governance supports resilience, regulatory posture, and executive decision‑making.