Business Information Security Officer; BISO

Position: Business Information Security Officer (BISO)
Who We Are:

At Avnet, relationships matter. We are a global, FORTUNE  500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology.

Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!

The Business Information Security Officer (BISO) serves as a strategic partner to Avnet’s global business operations - enabling the business to operate securely, grow confidently, and deliver value to customers.

Acting as a trusted advisor and embedded security leader, the BISO works across business, technology, and cybersecurity teams to ensure security is seamlessly integrated into business processes, decision-making, and innovation. This role focuses on reducing friction, clarifying risk, and accelerating secure outcomes while aligning to enterprise cybersecurity strategy.

The BISO partners with the business to balance risk, speed, and opportunity, helping teams move forward with revenue growth opportunities.

Key Responsibilities:

1. Business Unit Alignment & Intake Serve as the primary cybersecurity advisor to assigned business units, building strong, trust-based relationships.

Actively engage with business leaders to understand priorities, challenges, and growth initiatives.

Ensure security is embedded early in planning to enable faster, more informed decision-making.

Provide consistent, responsive, and business-aligned security support.
2. System Assessments, Categorization & Control Selection Apply practical, risk-based assessment methodologies aligned to business context.

Recommend right-sized security controls based on operational context and regulatory requirements.

Prevent over- or under-engineering of controls, reducing friction for business teams.
3. Risk Translation, Prioritization & Action Planning Translate complex technical risks into clear business-impact language (financial, operational, customer trust, and compliance) for executives.

Enable business leaders to make informed, risk-based decisions with confidence.

Partner with teams to define actionable remediation strategies, compensating controls, and acceptable risk positions.

Promote transparency so risks are clearly understood.
4. Local Governance & Risk Visibility Establish recurring governance touchpoints within each business unit.

Provide transparency into security posture, risk hot spots, and upcoming compliance obligations.

Support clear ownership and drive accountability for managing risk.
5. Escalation of Business-Specific Risks & Project Needs Represent business priorities within enterprise cybersecurity discussions.

Surface business-unit-specific risks and needs to enterprise cybersecurity leadership.

Advocate for solutions that align security expectations with business realities.

Help ensure enterprise priorities are informed by emerging risk and business needs.
6. Vulnerability Management & Secure Baseline Adoption Support business units in meeting vulnerability remediation SLAs.Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering.

Promote and monitor adoption of secure configuration baselines across all systems.
7. Representation of Business Interests in Security, Sales & Revenue Activities Provide security expertise for customer-facing functions such as supply chain solutions, design services, and digital platforms.

Support sales cycles, customer trust discussions, and contract/audit responses.

Position cybersecurity investments as competitive differentiators for revenue-critical offerings.
8. Certification & Regulatory Compliance Support Support business units in obtaining, maintaining,…