Cyber Security Governance Jobs (NOW HIRING)

At Ball, integrity and trust are the foundation of who we are. Guided by our core values-"We Care. We Work. We Win."-we create a culture where every voice matters and every idea drives progress.  

Together with our global employees, customers, and partners, we're turning bold sustainability goals into reality and shaping a future we can all be proud of. 

Create a new future. Apply Today. 

The Director of Cybersecurity Governance, Risk, and Compliance (GRC) is accountable for designing, building, and leading enterprisewide cyber risk governance, regulatory compliance strategy, and boardlevel risk reporting for Ball Corporation's global manufacturing and supplychaindriven business. This role sets the enterprise cyber risk posture, translates business risk appetite into enforceable governance mechanisms, and ensures cybersecurity risk is measured, reported, and managed as a business risk and not a purely technical concern. The Director serves as Ball's primary authority on cybersecurity risk governance, regulatory compliance and assurance, and acts as a trusted advisor to the CISO, executive leadership, Legal, Internal Audit, and the Board. The role owns and governs all Security GRC subcapabilities: 1) Security Governance & Program Management, 2) Security Risk Management, 3) Security Assessments & Compliance Management, 4) CyberSupply Chain Risk Management, 5) Business Continuity Planning (cyber integration), 6) Security Training & Awareness, 7) Cyber Metrics and Reporting.

Essential Responsible Areas:

• Establish and maintain the enterprise cybersecurity governance framework, including policies, standards, risk taxonomy, and accountability models, with a focus on building out missing program elements to elevate maturity.
• Define and operationalize the enterprise cyber risk management program, including risk identification, assessment, prioritization, escalation, and reporting.
• Own executive and Boardlevel cybersecurity risk & metrics reporting, ensuring alignment to business impact, materiality, and risk tolerance.
• Lead the global cybersecurity compliance strategy, ensuring alignment with applicable regulatory, legal, and contractual requirements, with an emphasis on establishing rigorous security controls and repeatable compliance processes.
• Provide senior oversight of cybersecurity audits, assessments, and assurance activities; ensure consistent and defensible outcomes.
• Govern cyber supplychain and thirdparty risk management, embedding security risk considerations into vendor lifecycle processes.
• Ensure cybersecurity risk is integrated into business continuity, crisis management, and enterprise resilience planning.
• Build, lead, develop, and mentor the Security GRC team, establishing clear interfaces with other cybersecurity and business functions.
• Ensure cybersecurity governance and compliance requirements are appropriately tailored to regional regulatory, legal, and operational realities while maintaining global consistency.
• Partner with regional business and technology leaders to address localized cyber risk scenarios, including manufacturing, operational technology (OT), and supplychain considerations.
• Oversee regional regulatory compliance obligations (e.g., data protection, critical infrastructure, export controls) and support regulatory inquiries or audits as required.
• Enable effective risk communication and escalation between regions and corporate leadership, ensuring timely visibility of material risks.

Required Qualifications:

• Bachelor's degree in Information Security, Computer Science, Risk Management, Business Administration, or a related field required; Master's degree (e.g., MBA or MS in Information Security/Risk Management) strongly preferred.
• Minimum of 15 years of progressive experience in cybersecurity, technology risk, or enterprise risk management, including 7+ years leading and building GRC, risk, or compliance functions within complex, preferably global, organizations.
• Demonstrated experience operating in regulated, assetintensive, or manufacturingcentric environments.
• Deep knowledge of cybersecurity governance, risk, and compliance frameworks (with experience implementing NIST CSF and ISO 27001), and familiarity with relevant regulations (e.g., SOX ITGC, data protection laws).
• CISSP or CISM certification required; CRISC, CGEIT, or similar riskfocused certification strongly preferred.