Business Information Security Officer

Who We Are:

At Avnet relationships matter. We are a global FORTUNE 500 technology distributor and solutions company that delivers design supply chain and logistics expertise to customers at every stage of a products lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. Were driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology.

Working at Avnet means being a part of a global team. We work collaboratively and with integrity doing business the right way. For more than a century we have partnered together to help our customers suppliers and teammates realize the transformative possibilities of technology. Experience whats next at Avnet!

Key Responsibilities

The Business Information Security Officer (BISO) is a critical enabler of cybersecurity across Avnets global business operations. Acting as the unified bridge between enterprise cybersecurity governance and Avnets diverse business units the BISO ensures that security compliance and risk management practices are consistently aligned with enterprise IT strategy while remaining responsive to the distinct needs of each business segment.

This role provides embedded business-facing security leadershiptranslating cybersecurity policy risk posture and strategic priorities into actionable contextual guidance that supports operational decision-making revenue growth and risk reduction.

Key Responsibilities:

1. Business Unit Alignment & Intake

• Serve as the primary point of contact for each business units security needs.
• Consolidate triage and prioritize security requests projects and operational issues.
• Ensure all business areas receive consistent equitable and timely security support.

2. System Assessments Categorization & Control Selection

• Apply standardized assessment methodologies to evaluate system risk.
• Recommend right-sized security controls based on operational context and regulatory requirements.
• Prevent over- or under-engineering of controls reducing friction for business teams.

3. Risk Translation Prioritization & Action Planning

• Translate complex technical risks into clear business-impact language for executives.
• Communicate risk in terms of operational disruption financial exposure customer trust and compliance.
• Develop corrective action plans compensating controls and risk acceptances for issues including vulnerabilities supplier risks audit findings and system gaps.

4. Local Governance & Risk Visibility

• Establish recurring governance touchpoints within each business unit.
• Provide transparency into security posture risk hot spots and upcoming compliance obligations.
• Drive accountability for remediation and adherence to enterprise guardrails.

5. Escalation of Business-Specific Risks & Project Needs

• Surface business-unit-specific risks and needs to enterprise cybersecurity leadership.
• Ensure emerging issues are not siloed or overlooked improving enterprise-wide prioritization.

6. Vulnerability Management & Secure Baseline Adoption

• Support business units in meeting vulnerability remediation SLAs.
• Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering.
• Promote and monitor adoption of secure configuration baselines across all systems.

7. Representation of Business Interests in Security Sales & Revenue Activities

• Provide security expertise for customer-facing functions such as supply chain solutions design services and digital platforms.
• Support sales cycles customer trust discussions and contract/audit responses.
• Position cybersecurity investments as competitive differentiators for revenue-critical offerings.

8. Certification & Regulatory Compliance Support

• Support business units in obtaining maintaining and preparing for security and compliance certificationsincluding CMMC ISO 27001 UK Cyber Essentials and NIS2by guiding control implementation evidence collection readiness assessments and audit interactions.
• Assist the business in meeting ongoing regulatory and compliance requirements such as SOX PCI HIPAA GDPR and other regional or industry-specific mandates.
• Ensure that certification and regulatory obligations are translated into clear actionable business tasks and that gaps are tracked and remediated through structured plans or risk acceptances.

Strategic Impact

The BISO plays a foundational role in Avnets IT governance by:

• Reducing inconsistency and risk from siloed or business-managed IT.
• Driving uniform adoption of cybersecurity policies and controls.
• Acting as the connective tissue between enterprise IT direction and business-specific needs.
• Elevating vulnerability management execution and secure baseline consistency across decentralized environments.
• Aligning security investments with true business priorities and budget governance.

Required Skills & Competencies

Executive Presence & Communication

• Ability to converse fluently with senior business leaders including BU Presidents.
• Skilled at translating technical concepts into clear business-relevant insights.
• Capable of influencing without relying on authority using credibility clarity and trust.
• Adept at framing risk in terms of financial operational regulatory and reputational impact.

Technical & Strategic Capabilities

• Strong understanding of cybersecurity frameworks governance and risk management.
• Proficiency in system assessment control selection and vulnerability management practices.
• Ability to balance enterprise standards with local business needs.
• Experience supporting compliance programs and audit processes.

Outcome of the Role

The BISO delivers a scalable business-integrated security capability that enhances Avnets operational alignment strengthens risk visibility accelerates remediation and supports global business growth. By embedding trusted cybersecurity advisors directly within business units Avnet ensures its security posture not only protects the organization but also enables competitiveness in demanding global markets.

Work Experience:

• Typically 8 years with bachelors or equivalent.

Education and Certification(s):

• Bachelors degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Distinguishing Characteristics:

• May require competency in all of the six Security competencies: Security Intelligence Identity Management Compliance Secured Infrastructure Secured Development and Security Education

What We Offer:

Our employees work hard to live our values and help us grow. Our total rewards strategy supports Avnets ability to attract engage develop and reward our employees while promoting a diverse and inclusive environment. We offer competitive compensation and benefit programs from time away and flexible working arrangements to programs supporting employee well-being and opportunities to give back to your community.

• Generous Paid Time Off

• 401K and Pension Plan

• Paid Holidays

• Family Support (Paid Leave Surrogacy Adoption)

• Medical Dental Vision and Life Insurance

• Long-term and Short-term Disability Insurance

• Health Savings Account / Flexible Spending Account

• Education Assistance

• Employee Development Resources

• Employee Wellness Leadership Development and Mentorship Programs

Benefits listed above may vary depending on the nature of your employment with Avnet.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills.

Avnet is an Equal Opportunity Employer committed to providing equal opportunities to all employees and applicants for employment without regard to race color religion ancestry national origin sex (including pregnancy) age marital status sexual orientation gender identity or expression disability veteran status genetic information or any other characteristic protected by law. This policy of non-discrimination also applies to religious dress and grooming practices. Avnet will accommodate employee religious dress standards and grooming practices that do not result in undue hardship for the Company. If you are interested in applying for employment with Avnet and need special assistance or an accommodation to apply for a posted position contact our Human Resources Service Center at .