Do you want to work for a world-leading manufacturer who strives to build a better future through sustainability and innovation? Are you looking for a new challenge in a stable, fast-growing sector?
Join us, and build your career by helping us build the future.
We are a global leader in sustainable products with more than 21,000 team members worldwide. From infinitely recyclable aluminum cans, cups, and aerosol bottles, to aerospace solutions that enable our customers to have a deeper understanding of our planet and the universe. We produce all these incredible things with one unique purpose: crafting a better community, a better society, a better world.
Moreover, each of us has a deep commitment to diversity and inclusion which is the foundation of our culture of belonging. And everyone at Ball is an everyday champion, making a difference by doing what we love.
We lead with our heads and our hearts and combine innovative thinking with a spirit of resiliency that keeps us moving forward in a relentless pursuit of new ways to make life, and the world, better. Whether we’re developing packaging that’s infinitely recyclable or aerospace innovations. Because what we create may change, but what we will always make is a difference.
The IT Governance, Risk & Compliance (GRC) Analyst is a critical member of the Global Ball Security & Compliance Team working for the GRC Manager. The GRC Analyst is responsible for all Global IT Security Policy and Awareness efforts, IT Risk Management, Regulatory Compliance and support of IT Audits. This position drives awareness of risk and appropriate measures to manage risk across the business, enabling business and technology stakeholders to make informed and accountable decisions with regards to the protection of Ball Corporation and its information assets.
Key responsibilities include:
Develop and maintain information security policies, standards and procedures, ensuring a compliant environment based on statutory, legal and Ball defined information security requirements
Work with stakeholders to globally ratify IT security policies and standards, including annual reviews and updates
Support IT security risk analysis and self-assessment program, perform assessments of the IT security / risk posture within the IT network, systems and software applications (including using third parties, as needed)
Perform vendor / supplier security risk assessments and provide business recommendations
Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios
Address questions and coordinate remediation from internal and external audits and examinations
Work with the rest of the Global Security Team to identify and resolve gaps in the security program with an aim to reduce the impact / occurrence of security related incidents
Coordinate and liaise with Legal, Internal Audit and Internal Control teams to support operational, legal, and regulatory requirements such as Global Data Privacy, SOX, HIPAA, etc.
Develop and support all aspects of the Ball information security training and awareness program including evaluation for program effectiveness and improvement
Interpret and summarize technical information for presentation to non-technical business resources
Partner with Global IT security to conduct and manage an ongoing company-wide cyber phishing training program
Partner with Corporate Communications to effectively convey security awareness messages to employees and contractors
Adapt strategy to incorporate and address emerging technologies and risks.
Create a metrics framework that can effectively measure engagement, behaviors, and impact
Collaborate with all teams to communicate and enforce security controls
2+ years of direct experience and expertise in information security or compliance; for senior profiles, 5+ years of relevant experience
Desirable: 4+ years of experience in coordination of IT Security Policy, Risk Management, Compliance and Awareness efforts within a global corporation (multicultural environment)
Degree (BS or MS) in computer science/engineering, Cybersecurity or related field
Fluency in English and strong written and verbal communications
Desirable: professional certifications such as CISSP, CISM, CISA, SANS SEC 401
Very good understanding of IT security and governance standards including NIST, COBIT, ISO 27001.
Thorough understanding of the security requirements of Sarbanes-Oxley and Data Privacy laws is desired
Very good understanding of security requirements for Cloud environment (e.g. Cloud Security Alliance)
Ability to translate complex security communications / messages in a simple, clear and concise manner to the various communities within our organization globally.
Understanding of the concepts of information risks and the different elements that make up risk
Ability to prioritize and multitask. Flexibility and adaptability in work approach
Strong collaborative skills and proven ability to work in a diverse global team
If you are interested in the position and your profile fits with the above requirements, please send us your resume.
Please note that only shortlisted candidates will be contacted.