Senior Analyst, Cyber GRC

Senior Analyst, Cyber GRC Company: Ball Corporation Location: Westminster, CO, US, 80021 Job Category: IT Administration Req. ID: 49560 At Ball, integrity and trust are the foundation of who we are. Guided by our core values—"We Care. We Work. We Win."—we create a culture where every voice matters and every idea drives progress. Together with our global employees, customers, and partners, we are returning bold sustainability goals to reality and shaping a future we can all be proud of. The Senior Analyst, Cybersecurity Governance, Risk, and Compliance (GRC) is responsible for defining and supporting the execution and day‑to‑day operation of Ball Corporation’s enterprise cybersecurity governance, risk management, and compliance programs. Reporting to the Director of Cybersecurity Governance, Risk, and Compliance, this role serves as a senior individual contributor who translates governance requirements and risk management expectations into practical, repeatable processes. The Senior Analyst ensures cybersecurity risks are identified, documented, tracked, and reported consistently, and that compliance obligations are supported through evidence, analysis, and coordination with internal stakeholders. Essential Responsible Areas: Support execution of the enterprise cybersecurity risk management program, including risk identification, assessment, documentation, and tracking. Perform cybersecurity risk analyses and prioritize risk based on business impact, likelihood, and risk tolerance. Support cybersecurity governance activities, including policy & standard creation, and security control lifecycle management. Lead cybersecurity compliance activities, including control evidence collection, assessment support, and remediation tracking. Partner with key stakeholders to lead internal and external cybersecurity audits by preparing documentation, responding to inquiries, developing remediation plans, and tracking findings. Lead cyber supply‑chain and third‑party risk management activities, including assessments and follow‑up actions. Contribute to cybersecurity metrics, dashboards, and management reporting. Document risk decisions, exceptions, and remediation actions to ensure transparency and audit readiness. Partner with Cyber Defense Operations, Security Architecture & Engineering, IT, and OT Security to ensure risk and compliance requirements are understood and addressed. Support regional business and technology teams in executing cybersecurity risk and compliance activities aligned to global standards. Assist with region‑specific regulatory and compliance requirements in coordination with the Director and other stakeholders. Facilitate communication between regional teams and corporate cybersecurity functions regarding risk assessments, findings, and remediation activities. Help ensure consistent application of cybersecurity governance processes across regions while supporting approved regional variations. Professional & Education Qualification: Bachelor’s degree in Information Security, Computer Science, Risk Management, Business Administration, or a related discipline required. Minimum of 5–8 years of experience in cybersecurity, technology risk, compliance, or related roles. Experience supporting risk assessments, audits, or compliance programs in a global or regulated environment preferred. Relevant cybersecurity or risk certifications preferred. Skills: Strong analytical skills with the ability to assess and document cybersecurity risks clearly and accurately. Attention to detail and disciplined approach to documentation and evidence management. Ability to communicate effectively with technical and non‑technical stakeholders. Strong organizational and coordination skills across multiple teams and activities. Ability to manage competing priorities and meet deadlines. Practical mindset that balances governance rigor with business realities. Knowledge: Working knowledge of cybersecurity governance, risk, and compliance concepts and frameworks. Understanding of how cybersecurity risk impacts business operations, manufacturing environments, and supply chains. Familiarity with audit processes, control assessments, and remediation tracking. Awareness of data protection and regulatory considerations affecting global organizations. Understanding of how cybersecurity governance supports resilience, regulatory posture, and executive decision‑making. Expected Hiring Salary Range: $110,300 - $157,620. This role will be eligible to participate in the annual incentive compensation plan. Preferred location: Westminster, CO campus; remote considered subject to experience, qualifications, and willingness to travel to Colorado campus. Hybrid On‑Site Work Environment: If based in Colorado, requires regular in‑person engagement, working on‑site for three or more days per work week with core collaboration days of Tuesday, Wednesday, and Thursday. Travel and local commute between Ball locations and other possible non‑Ball locations may be required. Ball Corporation is proud to be an Equal Opportunity Employer. We actively encourage applications from everybody. All qualified job applicants will receive consideration without regard to race, color, religion, creed, national origin, aboriginality, genetic information, ancestry, marital status, sex, sexual orientation, gender identity or expression, physical or mental disability, pregnancy, veteran status, age, political affiliation or any other non‑merit characteristic. Under Colorado, California, Connecticut, Minnesota, and Pennsylvania law, you have the right to exclude or redact age‑related details—such as your date of birth, school attendance dates, or graduation dates—from your resume, cover letter, CV, or other supporting documents (e.g., transcripts, certificates). Legal authorization to work in the U.S. We will not sponsor individuals for employment visa, now or in the future, for this job opening. #J-18808-Ljbffr