Business Information Security Officer (BISO)
Avnet · Chandler, AZ · 1 mo ago
Information TechnologyFull-time
About the role
The Business Information Security Officer (BISO) serves as a strategic partner to Avnet’s global business operations, ensuring security is seamlessly integrated into business processes, decision-making, and innovation.
Responsibilities
- Serve as the primary cybersecurity advisor to assigned business units, building strong, trust-based relationships.
- Actively engage with business leaders to understand priorities, challenges, and growth initiatives.
- Ensure security is embedded early in planning to enable faster, more informed decision-making.
- Provide consistent, responsive, and business-aligned security support.
- Apply practical, risk-based assessment methodologies aligned to business context.
- Recommend right-sized security controls based on operational context and regulatory requirements.
- Translate complex technical risks into clear business-impact language for executives.
- Partner with teams to define actionable remediation strategies, compensating controls, and acceptable risk positions.
- Promote transparency so risks are clearly understood.
- Establish recurring governance touchpoints within each business unit.
- Support clear ownership and drive accountability for managing risk.
- Represent business priorities within enterprise cybersecurity discussions.
- Surface business-unit-specific risks and needs to enterprise cybersecurity leadership.
- Advocate for solutions that align security expectations with business realities.
- Help ensure enterprise priorities are informed by emerging risk and business needs.
- Support business units in meeting vulnerability remediation SLAs.
- Help teams understand the business impact of exposures and coordinate remediation with IT Ops and Engineering.
- Promote and monitor adoption of secure configuration baselines across all systems.
- Provide security expertise for customer-facing functions such as supply chain solutions, design services, and digital platforms.
- Support sales cycles, customer trust discussions, and contract/audit responses.
- Position cybersecurity investments as competitive differentiators for revenue-critical offerings.
- Support business units in obtaining, maintaining, and preparing for security and compliance certifications.
- Aid the business in meeting ongoing regulatory and compliance requirements such as SOX, PCI, HIPAA, GDPR, and other regional or industry-specific mandates.
- Ensure that certification and regulatory obligations are translated into clear, actionable business tasks, and that gaps are tracked and remediated.
Required Skills & Competencies
- Executive Presence & Communication: Converse fluently in English with senior business leaders, including global business unit Presidents.
- Technical & Strategic Capabilities: Strong understanding of cybersecurity frameworks, governance, and risk management; proficiency in system assessment, control selection, and vulnerability management practices; experience balancing enterprise standards with local business needs; experience supporting compliance programs and audit processes.
Outcome of the Role
The BISO enables a scalable business-integrated security capability that supports faster, more informed decision-making, strengthens risk visibility and accountability, enhances operational resilience without disrupting delivery, enables secure growth and innovation, and positions security as a strategic advantage for Avnet.
Qualifications
- Typically 8+ years of IT experience, with 4+ years in cybersecurity, IT risk, or information security.
- Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
- Relevant certifications such as CISSP, CISM, CRISC preferred.