Business Information Security Officer; BISO

Business Information Security Officer (BISO) Overview

The Business Information Security Officer (BISO) serves as a strategic partner to Avnet's global business operations, enabling the business to operate securely, grow confidently, and deliver value to customers. Acting as a trusted advisor and embedded security leader, the BISO works across business, technology, and cybersecurity teams to ensure security is seamlessly integrated into business processes, decision-making, and innovation. The role focuses on reducing friction, clarifying risk, and accelerating secure outcomes while aligning to the enterprise cybersecurity strategy.

• Business Unit Alignment & Intake:
  Serve as the primary cybersecurity advisor to assigned business units, building strong trust-based relationships.
• Engage with business leaders to understand priorities, challenges, and growth initiatives, ensuring security is embedded early in planning.
• Provide consistent, responsive, and business-aligned security support.
• System Assessments, Categorization & Control Selection:
  Apply practical, risk-based assessment methodologies and recommend right-sized security controls aligned to operational context and regulatory requirements.
• Risk Translation, Prioritization & Action Planning:
  Translate complex technical risks into clear business-impact language for executives and enable informed, risk-based decisions.
• Partner with teams to define actionable remediation strategies, compensating controls, and acceptable risk positions, promoting transparency.
• Local Governance & Risk Visibility:
  Establish recurring governance touchpoints, provide transparency into security posture, and support ownership and accountability for managing risk.
• Escalation of Business-Specific Risks & Project Needs:
  Represent business priorities within enterprise cybersecurity discussions, surface risks, and advocate solutions aligning security expectations with business realities.
• Vulnerability Management & Secure Baseline Adoption:
  Support units in meeting vulnerability remediation SLAs, coordinate remediation, and promote adoption of secure configuration baselines.
• Representation of Business Interests in Security, Sales & Revenue
  
  Activities:
  
  Provide security expertise for customer-facing functions, support sales cycles, customer trust discussions, and contract/audit responses, positioning cybersecurity investments as competitive differentiators.
• Certification & Regulatory Compliance Support:
  Guide units through security and compliance certifications (CMMC, ISO 27001, UK Cyber Essentials, NIS2), assist with regulatory obligations such as SOX, PCI, HIPAA, GDPR, and ensure gaps are tracked and remediated.

• Embed security into business operations to support growth and innovation.
• Reduce friction between security requirements and business delivery.
• Improve clarity and ownership of risk across the organization.
• Strengthen customer trust and regulatory confidence.
• Align security investments with business priorities and outcomes.
• Drive uniform adoption of cybersecurity policies and controls.
• Elevate vulnerability management execution and secure baseline consistency across decentralized environments.

• Fluent English communication with senior business leaders, including global business unit presidents.
• Translate technical concepts into clear, business-relevant insights.
• Influence decisions through partnership and credibility.
• Frame risk in terms of financial, operational, regulatory, and reputational impact.

• Strong understanding of cybersecurity frameworks, governance, and risk management.
• Proficiency in system assessment, control selection, and vulnerability management practices.
• Experience balancing enterprise standards with local business needs.
• Experience supporting compliance programs and audit processes.

• Supports faster, more informed decision-making.
• Strengthens risk visibility and accountability.
• Enhances operational resilience without disrupting delivery.
• Enables secure growth and innovation.
• Positions security as a strategic advantage for Avnet.

• Typically 8+ years of IT experience, with 4+ years in cybersecurity, IT risk, or information security.

• Bachelor’s degree or equivalent experience.
• Relevant certifications such as CISSP, CISM, CRISC preferred.

• Broad understanding of enterprise technologies including cloud, applications, infrastructure, and emerging trends.
• Strong knowledge of security principles, risk management, and control frameworks (e.g., NIST, CIS).
• Experience translating security risks into business impact and decision-making guidance.
• Familiarity with Agile and Dev Sec Ops  delivery models.
• Working knowledge of regulatory requirements (e.g., PCI DSS, GDPR) and practical implementation.
• Competency across all six security competencies:
  Security Intelligence, Identity Management,…