Director - Business Information Security

Avnet · Phoenix, AZ
1d · Hybrid

About The Position

Who We Are: At Avnet, relationships matter. We are a global, FORTUNE® 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology. Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!

The Director responsible for administering the Business Information Security Officer (BISO) team serves as the strategic, operational, and governance leader of Avnet’s business-aligned cybersecurity function and acts as a key extension of the CISO’s leadership. The Director ensures the BISO organization operates as a cohesive, scalable capability that consistently enables business outcomes while strengthening enterprise risk management.

1. Strategic Leadership & Program Ownership

The Director owns the vision, structure, and execution of the BISO program, ensuring it delivers on its purpose as the bridge between enterprise cybersecurity governance and Avnet’s diverse business units. This includes defining the BISO operating model, engagement standards, success metrics, and a multi-year maturity roadmap aligned with the CISO’s strategy and Avnet’s transition toward centralized IT governance.

2. Management and Development of the BISO Team

The Director is accountable for building, leading, and scaling a high-performing BISO team. This includes hiring, onboarding, performance management, coaching, and career development. The Director ensures BISOs demonstrate strong executive presence, business acumen, and the ability to translate technical risk into business-relevant language, while maintaining consistent execution across business units with differing risk profiles and operational models.

3. Enterprise-to-Business Alignment

Acting as the primary coordination point between the CISO organization and business leadership, the Director ensures enterprise security policies, standards, and priorities are applied consistently and pragmatically across all business units. The Director helps resolve tension between business objectives and security requirements, ensuring trade-offs are made deliberately and in line with enterprise risk tolerance.

4. Governance, Risk Oversight & Consistency of Outcomes

The Director provides aggregate oversight of business-unit risk posture and serves as a sounding board for BISOs when evaluating complex or ambiguous risk scenarios. By reviewing risk statements, remediation strategies, compensating controls, and risk acceptances, the Director helps rationalize risk decisions and drives consistency in action planning across business units. This prevents uneven treatment of similar risks, reduces subjective decision-making, and ensures enterprise-level comparability and transparency.

5. Standardization of Intake, Assessment & Reporting

To eliminate fragmentation, the Director establishes and enforces standardized processes for security intake, system assessments, control selection, exception handling, and business-facing reporting. These standards enable predictable engagement models for business and IT partners while allowing flexibility where risk and regulatory requirements differ.

6. Management of BISO-Enabling Resources, Tools & Contracts

The Director is responsible for overseeing the shared support resources, tools, and third-party contracts that BISOs rely on to execute their responsibilities effectively. This includes ensuring appropriate access to assessment services, risk tooling, vulnerability intelligence, compliance support, and other enabling capabilities. The Director evaluates the effectiveness of these resources, rationalizes overlapping services, manages demand against capacity, and ensures investments directly support BISO outcomes rather than creating additional friction or complexity.

7. Metrics, Trend Analysis & Focus Prioritization

The Director interprets security metrics and trend data across business units—including vulnerability performance, risk themes, remediation timelines, audit findings, and exception volumes—to identify systemic issues and emerging risk patterns. By translating data into actionable insight, the Director helps BISOs focus their efforts on the highest-impact areas, shifting attention from isolated findings to structural improvements that materially reduce enterprise risk.

8. Executive Communication & Representation

As a direct report to the CISO, the Director represents the collective voice of the business units within enterprise cybersecurity leadership forums. They communicate aggregated risk posture, resource constraints, and investment needs in clear, executive-level terms, enabling informed prioritization and decision-making at the senior leadership level.

9. Enablement of Vulnerability Management & Secure Baselines

The Director ensures the BISO function effectively supports vulnerability management execution and secure baseline adoption across decentralized environments. This includes addressing systemic blockers, driving consistency in expectations, and partnering with IT Operations and Engineering leadership to improve remediation outcomes and audit readiness.

10. Support for Revenue-Critical & Customer-Facing Functions

The Director ensures BISOs are positioned and supported to enable customer-driven security requirements, audits, and contractual obligations—particularly in revenue-generating and customer-facing areas. The role helps translate cybersecurity investments into business value by reinforcing trust, credibility, and competitive differentiation.

11. Cyber Certifications Strategy & Oversight (CMMC, ISO 27001, Cyber Essentials, Regional Schemes, etc.)

The Director, in partnership with the Director, Governance Risk and Compliance, provides enterprise-level leadership over cybersecurity certifications required by Avnet’s operating companies across global regions. In particular, BISOs shall support the assessment of requirements in their region and the application of security controls to achieve certification. This includes CMMC for U.S. defense-related activities, ISO 27001 for global information security management requirements, Cyber Essentials for UK operations, and any regionally mandated or customer-driven certifications.

The Director is responsible for:

  • Determining applicability of certifications across Avnet’s diverse global businesses, assessing when certifications should:
      • remain region-specific, driven by local regulatory, legal, or market requirements, or
      • be expanded enterprise-wide to create operational efficiencies, cost savings, or competitive advantage.
  • Evaluating readiness for certification, including required process maturity, resource availability, control gaps, and dependencies on enterprise security capabilities.
  • Working with the applicable business areas to define their investment strategy—including budgets, staffing, tooling, and operational changes—required for both acquisition and long-term maintenance of certifications.
  • Coordinating cross-functional execution across Business Units, IT, Legal, Compliance, and Enterprise Cybersecurity to ensure successful certification and renewal.
  • Preventing certification fragmentation, ensuring that business units do not pursue redundant or conflicting certification efforts without central governance review.

12. Coordination of Audit Findings & Enterprise Risk Alignment

The Director supports the enterprise process for coordinating cybersecurity-related audit findings—whether originating from global internal audit, regional audit teams, external auditors, or regulatory examinations. The particular focus for the BISO program is in triaging risks as they are discovered by working with the business to create action plans.

Responsibilities include:

  • Triaging findings to determine which require:
      • direct BISO involvement,
      • cross-BISO coordination,
      • enterprise-level remediation owned by the CISO organization.
  • Driving consistent remediation approaches so that two business units with the same type of deficiency do not implement materially different or misaligned corrective actions.
  • Coordinating and tracking remediation progress, ensuring BISOs have the clarity, support, and prioritization needed to resolve audit exceptions within deadlines.
  • Escalating audit-driven risks that have broader enterprise implications beyond the single business unit where they were identified.
  • Ensuring alignment with enterprise risk appetite, helping BISOs and business leaders understand when remediation is required versus when a risk acceptance may be appropriate.

Requirements

  • Typically 10+ years including 5+ years of management experience
  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained

Responsibilities

  • Strategic Leadership & Program Ownership
  • Management and Development of the BISO Team
  • Enterprise-to-Business Alignment
  • Governance, Risk Oversight & Consistency of Outcomes
  • Standardization of Intake, Assessment & Reporting
  • Management of BISO-Enabling Resources, Tools & Contracts
  • Metrics, Trend Analysis & Focus Prioritization
  • Executive Communication & Representation
  • Enablement of Vulnerability Management & Secure Baselines
  • Support for Revenue-Critical & Customer-Facing Functions
  • Cyber Certifications Strategy & Oversight (CMMC, ISO 27001, Cyber Essentials, Regional Schemes, etc.)
  • Coordination of Audit Findings & Enterprise Risk Alignment

Benefits

  • Generous Paid Time Off
  • 401K and Pension Plan
  • Paid Holidays
  • Family Support (Paid Leave, Surrogacy, Adoption)
  • Medical, Dental, Vision, and Life Insurance
  • Long-term and Short-term Disability Insurance
  • Health Savings Account / Flexible Spending Account
  • Education Assistance
  • Employee Development Resources
  • Employee Wellness, Leadership Development and Mentorship Programs