About The Position

Who We Are: At Avnet, relationships matter. We are a global, FORTUNE® 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology. Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!

Role Summary

The Program Manager, Cybersecurity Strategy and Metrics (BISC) serves as a key operational leader within Avnet’s business‑aligned cybersecurity function. The Program Manager helps establish, mature, and operationalize the BISO program, executing hands‑on business engagement while shaping the standards, processes, and metrics that will define the function long‑term.

Requirements

  • Typically 8+ years with bachelor's or equivalent.
  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Responsibilities

  • Program Build‑Out & Continuous Improvement: Partner with the Director to establish and refine the BISO operating model, including engagement patterns, role delineation, standard artifacts, and escalation paths. Conduct a formal proof‑of‑value (PoV) to demonstrate program impact, measure risk‑reduction effectiveness, capture workload and volume metrics, and translate results into repeatable operational standards. Assess and forecast BISO workload, helping size the team appropriately based on demand, complexity, and business footprint. Define logical lanes of responsibility for current and future BISOs (e.g., vulnerability support, governance, audit coordination, system assessments). Establish and evolve operational standards—intake processes, assessment frameworks, risk templates, reporting dashboards, and governance cadences.
  • System Assessments, Categorization & Control Selection: Lead and guide junior BISOs in conducting standardized system assessments, ensuring security requirements are right‑sized based on risk, data sensitivity, business criticality, and regulatory needs. Champion consistent control selection and tailoring, preventing both over-engineering and under‑protection. Work closely with Enterprise Cybersecurity, IT, and engineering teams to align system‑level decisions to enterprise guardrails while minimizing business friction.
  • Risk Translation, Prioritization & Action Planning: Translate complex and technical security risks into clear business‑impact narratives, articulating implications across operational disruption, customer trust, revenue exposure, and compliance obligations. Partner with business units to develop action plans, compensating controls, or formal risk acceptances for vulnerabilities, supplier issues, audit findings, and system gaps. Ensure every risk or exception is evaluated, documented, approved, monitored, and periodically reviewed—with complete visibility to leadership.
  • Local Governance & Risk Visibility: Establish recurring business-level governance mechanisms, providing transparency on risk posture, remediation progress, secure baseline adoption, assessment status, and upcoming obligations. Ensure business leaders have a clear understanding of risk hot spots, competing priorities, and potential escalations. Drive accountability by aligning BU decisions with enterprise risk tolerance and CISO‑level expectations.
  • Escalation of BU‑Specific Risks & Project Needs: Surface business‑specific risks, systemic blockers, resource needs, and project dependencies to enterprise cybersecurity leadership. Ensure issues do not remain isolated or siloed within a single business area by enabling centralized visibility and prioritization. Help guide enterprise trade‑off decisions by providing concise, contextual, and data‑driven escalation narratives.
  • Vulnerability Management & Secure Baselines: Support business units in interpreting vulnerability findings, assessing business impact, and prioritizing remediation in alignment with SLAs. Coordinate cross‑functional remediation strategies, removing blockers and driving adherence to enterprise remediation expectations. Champion the deployment, maintenance, and periodic validation of secure configuration baselines across systems within assigned scope to improve audit readiness and reduce systemic vulnerabilities.
  • Hands‑On BISO Support for Assigned BU(s)/Region(s): Serve as the primary cybersecurity advisor and engagement point for designated operating companies or regions. Advocate for the business within the cybersecurity organization while ensuring consistent application of enterprise security policies and risk standards. Support revenue‑critical functions including customer security inquiries, audits, RFP responses, and contract security obligations.
  • Governance, Audit Coordination & Risk Oversight: Coordinate audit response activities with assigned business units, ensuring coherent remediation plans and consistent treatment of similar findings. Rationalize risk acceptances within business units and ensure alignment with enterprise risk appetite. Track and report remediation deadlines, exceptions, and emergent risk themes across the BISOs you manage.
  • Metrics, Reporting & Decision Support: Define and maintain operational dashboards covering workload, risk themes, SLA performance, exception volume, remediation velocity, and system assessment throughput. Provide executive‑ready reporting to business leadership and the CISO organization. Use trend analysis to identify systemic issues, capability gaps, and high‑impact focus areas.
  • Certifications & Regulatory/Customer Security Expectations: Support determination of certification applicability (e.g., ISO 27001, CMMC, Cyber Essentials, and regional schemes). Assist BUs in readiness assessments, control gap remediation, and sustaining governance to avoid fragmented or redundant certification efforts.

Benefits

  • Generous Paid Time Off
  • 401K and Pension Plan
  • Paid Holidays
  • Family Support (Paid Leave, Surrogacy, Adoption)
  • Medical, Dental, Vision, and Life Insurance
  • Long-term and Short-term Disability Insurance
  • Health Savings Account / Flexible Spending Account
  • Education Assistance
  • Employee Development Resources
  • Employee Wellness, Leadership Development and Mentorship Programs