Business Information Security Officer (BISO)

Who We Are:At Avnet, relationships matter. We are a global, FORTUNE 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology.Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!The Business Information Security Officer (BISO) serves as a strategic partner to Avnet’s global business operations - enabling the business to operate securely, grow confidently, and deliver value to customers.Acting as a trusted advisor and embedded security leader, the BISO works across business, technology, and cybersecurity teams to ensure security is seamlessly integrated into business processes, decision-making, and innovation. This role focuses on reducing friction, clarifying risk, and accelerating secure outcomes while aligning to enterprise cybersecurity strategy.The BISO partners with the business to balance risk, speed, and opportunity, helping teams move forward with revenue growth opportunities.Key Responsibilities:1. Business Unit Alignment & IntakeServe as the primary cybersecurity advisor to assigned business units, building strong, trust-based relationships.Actively engage with business leaders to understand priorities, challenges, and growth initiatives.Ensure security is embedded early in planning to enable faster, more informed decision-making.Provide consistent, responsive, and business-aligned security support.2. System Assessments, Categorization & Control SelectionApply practical, risk-based assessment methodologies aligned to business context.Recommend right-sized security controls based on operational context and regulatory requirements.Prevent over- or under-engineering of controls, reducing friction for business teams.3. Risk Translation, Prioritization & Action PlanningTranslate complex technical risks into clear business-impact language (financial, operational, customer trust, and compliance) for executives.Enable business leaders to make informed, risk-based decisions with confidence.Partner with teams to define actionable remediation strategies, compensating controls, and acceptable risk positions.Promote transparency so risks are clearly understood.4. Local Governance & Risk VisibilityEstablish recurring governance touchpoints within each business unit.Provide transparency into security posture, risk hot spots, and upcoming compliance obligations.Support clear ownership and drive accountability for managing risk.5. Escalation of Business-Specific Risks & Project NeedsRepresent business priorities within enterprise cybersecurity discussions.Surface business-unit-specific risks and needs to enterprise cybersecurity leadership.Advocate for solutions that align security expectations with business realities.Help ensure enterprise priorities are informed by emerging risk and business needs.6. Vulnerability Management & Secure Baseline AdoptionSupport business units in meeting vulnerability remediation SLAs.Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering.Promote and monitor adoption of secure configuration baselines across all systems.7. Representation of Business Interests in Security, Sales & Revenue ActivitiesProvide security expertise for customer-facing functions such as supply chain solutions, design services, and digital platforms.Support sales cycles, customer trust discussions, and contract/audit responses.Position cybersecurity investments as competitive differentiators for revenue-critical offerings.8. Certification & Regulatory Compliance SupportSupport business units in obtaining, maintaining, and preparing for security and compliance certifications—including CMMC, ISO 27001, UK Cyber Essentials, and NIS2—by guiding control implementation, evidence collection, readiness assessments, and audit interactions.Assist the business in meeting ongoing regulatory and compliance requirements such as SOX, PCI, HIPAA, GDPR, and other regional or industry-specific mandates.Ensure that certification and regulatory obligations are translated into clear, actionable business tasks, and that gaps are tracked and remediated.Strategic ImpactThe BISO plays a foundational role in Avnet’s IT governance by:Embedding security into business operations to support growth and innovationReducing friction between security requirements and business deliveryImproving clarity and ownership of risk across the organizationStrengthening customer trust and regulatory confidenceAligning security investments with business priorities and outcomesDriving uniform adoption of cybersecurity policies and controls.Elevating vulnerability management execution and secure baseline consistency across decentralized environments.Required Skills & CompetenciesExecutive Presence & CommunicationAbility to converse fluently in English with senior business leaders, including global business unit Presidents.Highly skilled at translating technical concepts into clear, business-relevant insights.Ability to influence decisions through partnership and credibilityAdept at framing risk in terms of financial, operational, regulatory, and reputational impact.Technical & Strategic CapabilitiesStrong understanding of cybersecurity frameworks, governance, and risk management.Proficiency in system assessment, control selection, and vulnerability management practices.Experience balancing enterprise standards with local business needs.Experience supporting compliance programs and audit processes.Outcome of the RoleThe BISO enables a scalable business-integrated security capability that:Supports faster, more informed decision-makingStrengthens risk visibility and accountabilityEnhances operational resilience without disrupting deliveryEnables secure growth and innovationPositions security as a strategic advantage for AvnetExperience:Typically 8+ years of IT experience, with 4+ years in cybersecurity, IT risk, or information security.Education and Certification(s):Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.Relevant certifications such as CISSP, CISM, CRISC preferred.Distinguishing Characteristics:Broad understanding of enterprise technologies, including cloud, applications, infrastructure, and emerging trendsStrong knowledge of security principles, risk management, and control frameworks (e.g., NIST, CIS)Experience translating security risks into business impact and decision-making guidanceFamiliarity with Agile and DevSecOps delivery modelsWorking knowledge of regulatory requirements (e.g., PCI DSS, GDPR) and practical implementationMay require competency in all of the six Security competencies: Security Intelligence, Identity Management, Compliance, Secured Infrastructure, Secured Development and Security EducationWhat We Offer:Our employees work hard to live our values and help us grow. Our total rewards strategy supports Avnet’s ability to attract, engage, develop, and reward our employees, while promoting a diverse and inclusive environment. We offer competitive compensation and benefit programs — from time away and flexible working arrangements to programs supporting employee well-being and opportunities to give back to your community.Generous Paid Time Off401K and Pension PlanPaid HolidaysFamily Support (Paid Leave, Surrogacy, Adoption)Medical, Dental, Vision, and Life InsuranceLong-term and Short-term Disability InsuranceHealth Savings Account / Flexible Spending AccountEducation AssistanceEmployee Development ResourcesEmployee Wellness, Leadership Development and Mentorship ProgramsBenefits listed above may vary depending on the nature of your employment with Avnet.This position will have access to ITAR product and therefore be authorized to access product. This position requires the employee to be a U.S. Citizen or National, or a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or a protected individual as defined by 8 U.S.C. 1324b(a)(3).The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.Avnet is an Equal Opportunity Employer committed to providing equal opportunities to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex (including pregnancy), age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other characteristic protected by law. This policy of non-discrimination also applies to religious dress and grooming practices. Avnet will accommodate employee religious dress standards and grooming practices that do not result in undue hardship for the Company. If you are interested in applying for employment with Avnet and need special assistance or an accommodation to apply for a posted position contact our Human Resources Service Center at View phone number on click.appcast.io. #J-18808-Ljbffr Avnet LLC