Who We Are: At Avnet, relationships matter. We are a global, FORTUNE ® 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology. Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet! The Director responsible for administering the Business Information Security Officer (BISO) team serves as the strategic, operational, and governance leader of Avnet’s business-aligned cybersecurity function and acts as a key extension of the CISO’s leadership. The Director ensures the BISO organization operates as a cohesive, scalable capability that consistently enables business outcomes while strengthening enterprise risk management. 1. Strategic Leadership & Program Ownership The Director owns the vision, structure, and execution of the BISO program, ensuring it delivers on its purpose as the bridge between enterprise cybersecurity governance and Avnet’s diverse business units. This includes defining the BISO operating model, engagement standards, success metrics, and a multi-year maturity roadmap aligned with the CISO’s strategy. 2. Management and Development of the BISO Team The Director is accountable for building, leading, and scaling a high-performing BISO team. This includes hiring, onboarding, performance management, coaching, and career development. The Director ensures BISOs demonstrate strong executive presence, business acumen, and the ability to translate technical risk into business-relevant language, while maintaining consistent execution across business units with differing risk profiles and operational models. 3. Enterprise-to-Business Alignment Acting as the primary coordination point between the CISO organization and business leadership, the Director ensures enterprise security policies, standards, and priorities are applied consistently and pragmatically across all business units. The Director helps resolve tension between business objectives and security requirements, ensuring trade-offs are made deliberately and in line with enterprise risk tolerance. 4. Governance, Risk Oversight & Consistency of Outcomes The Director provides aggregate oversight of business-unit risk posture and serves as a sounding board for BISOs when evaluating complex or ambiguous risk scenarios. By reviewing risk statements, remediation strategies, compensating controls, and risk acceptances, the Director helps rationalize risk decisions and drives consistency in action planning across business units. This prevents uneven treatment of similar risks, reduces subjective decision-making, and ensures enterprise-level comparability and transparency. 5. Standardization of Intake, Assessment & Reporting To eliminate fragmentation, the Director establishes and enforces standardized processes for security intake, system assessments, control selection, exception handling, and business-facing reporting. These standards enable predictable engagement models for business and IT partners while allowing flexibility where risk and regulatory requirements differ. 6. Management of BISO-Enabling Resources, Tools & Contracts The Director is responsible for overseeing the shared support resources, tools, and third-party contracts that BISOs rely on to execute their responsibilities effectively. This includes ensuring appropriate access to assessment services, risk tooling, vulnerability intelligence, compliance support, and other enabling capabilities. The Director evaluates the effectiveness of these resources, rationalizes overlapping services, manages demand against capacity, and ensures investments directly support BISO outcomes rather than creating additional friction or complexity. 7. Metrics, Trend Analysis & Focus Prioritization The Director interprets security metrics and trend data across business units—including vulnerability performance, risk themes, remediation timelines, audit findings, and exception volumes—to identify systemic issues and emerging risk patterns. By translating data into actionable insight, the Director helps BISOs focus their efforts on the highest-impact areas, shifting attention from isolated findings to structural improvements that materially reduce enterprise risk. 8. Executive Communication & Representation As a direct report to the CISO, the Director represents the collective voice of the business units within enterprise cybersecurity leadership forums. They communicate aggregated risk posture, resource constraints, and investment needs in clear, executive-level terms, enabling informed prioritization and decision-making at the senior leadership level. 9. Enablement of Vulnerability Management & Secure Baselines The Director ensures the BISO function effectively supports vulnerability management execution and secure baseline adoption across decentralized environments. This includes addressing systemic blockers, driving consistency in expectations, and partnering with IT Operations and Engineering leadership to improve remediation outcomes and audit readiness. 10. Support for Revenue-Critical & Customer-Facing Functions The Director ensures BISOs are positioned and supported to enable customer-driven security requirements, audits, and contractual obligations—particularly in revenue-generating and customer-facing areas. The role helps translate cybersecurity investments into business value by reinforcing trust, credibility, and competitive differentiation. 11. Cyber Certifications Strategy & Oversight (CMMC, ISO 27001, Cyber Essentials, Regional Schemes, etc.) The Director, in partnership with the Director, Governance Risk and Compliance, provides enterprise-level leadership over cybersecurity certifications required by Avnet’s operating companies across global regions. In particular, BISOs shall support the assessment of requirements in their region and the application of security controls to achieve certification. This includes CMMC for U.S. defense‑related activities, ISO 27001 for global information security management requirements, Cyber Essentials for UK operations, and any regionally mandated or customer‑driven certifications. The Director is responsible for: Determining applicability of certifications across Avnet’s diverse global businesses, assessing when certifications should: remain region-specific, driven by local regulatory, legal, or market requirements, or be expanded enterprise-wide to create operational efficiencies, cost savings, or competitive advantage. Evaluating readiness for certification, including required process maturity, resource availability, control gaps, and dependencies on enterprise security capabilities. Working with the applicable business areas to define their investment strategy—including budgets, staffing, tooling, and operational changes—required for both acquisition and long-term maintenance of certifications. Coordinating cross-functional execution across Business Units, IT, Legal, Compliance, and Enterprise Cybersecurity to ensure successful certification and renewal. Preventing certification fragmentation, ensuring that business units do not pursue redundant or conflicting certification efforts without central governance review. 12. Coordination of Audit Findings & Enterprise Risk Alignment The Director supports the enterprise process for coordinating cybersecurity-related audit findings—whether originating from global internal audit, regional audit teams, external auditors, or regulatory examinations. The particular focus for the BISO program is in triaging risks as they are discovered by working with the business to create action plans. Responsibilities include: Triaging findings to determine which require: direct BISO involvement, cross-BISO coordination, enterprise-level remediation owned by the CISO organization. Driving consistent remediation approaches so that two business units with the same type of deficiency do not implement materially different or misaligned corrective actions. Coordinating and tracking remediation progress, ensuring BISOs have the clarity, support, and prioritization needed to resolve audit exceptions within deadlines. Escalating audit-driven risks that have broader enterprise implications beyond the single business unit where they were identified. Ensuring alignment with enterprise risk appetite, helping BISOs and business leaders understand when remediation is required versus when a risk acceptance may be appropriate. Work Experience: Typically 10+ years including 5+ years of management experience Education and Certification(s): Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained. #LI-HYBRID What We Offer: Our employees work hard to live our values and help us grow. Our total rewards strategy supports Avnet’s ability to attract, engage, develop, and reward our employees, while promoting a diverse and inclusive environment. We offer competitive compensation and benefit programs — from time away and flexible working arrangements to programs supporting employee well-being and opportunities to give back to your community. Generous Paid Time Off 401K and Pension Plan Paid Holidays Family Support (Paid Leave, Surrogacy, Adoption) Medical, Dental, Vision, and Life Insurance Long-term and Short-term Disability Insurance Health Savings Account / Flexible Spending Account Education Assistance Employee Development Resources Employee Wellness, Leadership Development and Mentorship Programs Benefits listed above may vary depending on the nature of your employment with Avnet. The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills. Avnet is an Equal Opportunity Employer committed to providing equal opportunities to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex (including pregnancy), age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other characteristic protected by law. This policy of non-discrimination also applies to religious dress and grooming practices. Avnet will accommodate employee religious dress standards and grooming practices that do not result in undue hardship for the Company. If you are interested in applying for employment with Avnet and need special assistance or an accommodation to apply for a posted position contact our Human Resources Service Center at (888) 994-7669. As a leading global technology distributor and solutions provider, Avnet has served customers’ evolving needs for more than a century. Through regional and specialized businesses around the world, we support customers and suppliers at every stage of the product lifecycle. We help companies adapt to change and accelerate the design and supply stages of product development. With a unique viewpoint from the center of the technology value chain, Avnet is a trusted partner that solves complex design and supply chain issues so customers can realize revenue faster. Avnet companies: Avnet Abacus Avnet Embedded Solutions Avnet Integrated Solutions Avnet Silica EBV Elektronik element14 Farnell Hackster.io Newark Softweb Solutions Tria Witekio
