About The Position

The Business Information Security Officer (BISO) is a critical enabler of cybersecurity across Avnet’s global business operations. Acting as the unified bridge between enterprise cybersecurity governance and Avnet’s diverse business units, the BISO ensures that security, compliance, and risk management practices are consistently aligned with enterprise IT strategy while remaining responsive to the distinct needs of each business segment. This role provides embedded, business-facing security leadership—translating cybersecurity policy, risk posture, and strategic priorities into actionable, contextual guidance that supports operational decision-making, revenue growth, and risk reduction.

Requirements

  • Executive Presence & Communication: Ability to converse fluently with senior business leaders, including BU Presidents. Skilled at translating technical concepts into clear, business-relevant insights. Capable of influencing without relying on authority, using credibility, clarity, and trust. Adept at framing risk in terms of financial, operational, regulatory, and reputational impact.
  • Technical & Strategic Capabilities: Strong understanding of cybersecurity frameworks, governance, and risk management. Proficiency in system assessment, control selection, and vulnerability management practices. Ability to balance enterprise standards with local business needs. Experience supporting compliance programs and audit processes.
  • Typically 8+ years with bachelor's or equivalent.
  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Responsibilities

  • Business Unit Alignment & Intake: Serve as the primary point of contact for each business unit’s security needs. Consolidate, triage, and prioritize security requests, projects, and operational issues. Ensure all business areas receive consistent, equitable, and timely security support.
  • System Assessments, Categorization & Control Selection: Apply standardized assessment methodologies to evaluate system risk. Recommend right-sized security controls based on operational context and regulatory requirements. Prevent over- or under-engineering of controls, reducing friction for business teams.
  • Risk Translation, Prioritization & Action Planning: Translate complex technical risks into clear business-impact language for executives. Communicate risk in terms of operational disruption, financial exposure, customer trust, and compliance. Develop corrective action plans, compensating controls, and risk acceptances for issues including vulnerabilities, supplier risks, audit findings, and system gaps.
  • Local Governance & Risk Visibility: Establish recurring governance touchpoints within each business unit. Provide transparency into security posture, risk hot spots, and upcoming compliance obligations. Drive accountability for remediation and adherence to enterprise guardrails.
  • Escalation of Business-Specific Risks & Project Needs: Surface business-unit-specific risks and needs to enterprise cybersecurity leadership. Ensure emerging issues are not siloed or overlooked, improving enterprise-wide prioritization.
  • Vulnerability Management & Secure Baseline Adoption: Support business units in meeting vulnerability remediation SLAs. Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering. Promote and monitor adoption of secure configuration baselines across all systems.
  • Representation of Business Interests in Security, Sales & Revenue Activities: Provide security expertise for customer-facing functions such as supply chain solutions, design services, and digital platforms. Support sales cycles, customer trust discussions, and contract/audit responses. Position cybersecurity investments as competitive differentiators for revenue-critical offerings.
  • Certification & Regulatory Compliance Support: Support business units in obtaining, maintaining, and preparing for security and compliance certifications—including CMMC, ISO 27001, UK Cyber Essentials, and NIS2—by guiding control implementation, evidence collection, readiness assessments, and audit interactions. Assist the business in meeting ongoing regulatory and compliance requirements such as SOX, PCI, HIPAA, GDPR, and other regional or industry-specific mandates. Ensure that certification and regulatory obligations are translated into clear, actionable business tasks, and that gaps are tracked and remediated through structured plans or risk acceptances.

Benefits

  • Generous Paid Time Off
  • 401K and Pension Plan
  • Paid Holidays
  • Family Support (Paid Leave, Surrogacy, Adoption)
  • Medical, Dental, Vision, and Life Insurance
  • Long-term and Short-term Disability Insurance
  • Health Savings Account / Flexible Spending Account
  • Education Assistance
  • Employee Development Resources
  • Employee Wellness, Leadership Development and Mentorship Programs