Program Manager, Cybersecurity Strategy and Metrics; BISO
Listed on 2026-03-02
IT/Tech
Cybersecurity, Data Security, Systems Engineer
Who We Are:
At Avnet, relationships matter. We are a global, FORTUNE ® 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology.
Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!
Role Summary
The Program Manager, Cybersecurity Strategy and Metrics (BISO) serves as a key operational leader within Avnet’s business‑aligned cybersecurity function. The Program Manager helps establish, mature, and operationalize the BISO program, executing hands‑on business engagement while shaping the standards, processes, and metrics that will define the function long‑term.
1) Program Build‑Out & Continuous Improvement
- Partner with the Director to establish and refine the BISO operating model, including engagement patterns, role delineation, standard artifacts, and escalation paths.
- Conduct a formal proof‑of‑value (PoV) to demonstrate program impact, measure risk‑reduction effectiveness, capture workload and volume metrics, and translate results into repeatable operational standards.
- Assess and forecast BISO workload, helping size the team appropriately based on demand, complexity, and business footprint.
- Define logical lanes of responsibility for current and future BISOs (e.g., vulnerability support, governance, audit coordination, system assessments).
- Establish and evolve operational standards—intake processes, assessment frameworks, risk templates, reporting dashboards, and governance cadences.
- Lead and guide junior BISOs in conducting standardized system assessments, ensuring security requirements are right‑sized based on risk, data sensitivity, business criticality, and regulatory needs.
- Champion consistent control selection and tailoring, preventing both over‑engineering and under‑protection.
- Work closely with Enterprise Cybersecurity, IT, and engineering teams to align system‑level decisions to enterprise guardrails while minimizing business friction.
- Translate complex and technical security risks into clear business‑impact narratives, articulating implications across operational disruption, customer trust, revenue exposure, and compliance obligations.
- Partner with business units to develop action plans, compensating controls, or formal risk acceptances for vulnerabilities, supplier issues, audit findings, and system gaps.
- Ensure every risk or exception is evaluated, documented, approved, monitored, and periodically reviewed—with complete visibility to leadership.
- Establish recurring business‑level governance mechanisms, providing transparency on risk posture, remediation progress, secure baseline adoption, assessments status, and upcoming obligations.
- Ensure business leaders have a clear understanding of risk hot spots, competing priorities, and potential escalations.
- Drive accountability by aligning BU decisions with enterprise risk tolerance and CISO‑level expectations.
- Surface business‑specific risks, systemic blockers, resource needs, and project dependencies to enterprise cybersecurity leadership.
- Ensure issues do not remain isolated or siloed within a single business area by enabling centralized visibility and prioritization.
- Help guide enterprise trade‑off decisions by providing concise, contextual, and data‑driven escalation narratives.
- Support business units in interpreting vulnerability findings, assessing business impact, and…