Sr. Manager, GRC

Posted 2 Days Ago
Chandler, AZ, USA
In-Office
Senior level
Hardware • Internet of Things • Logistics • Software
The Role
The Sr. Manager, GRC oversees the cybersecurity governance, risk, and compliance functions, ensuring alignment with business goals, regulatory requirements, and risk management. Responsibilities include managing compliance programs, audit liaison, contract reviews, third-party risk management, policy governance, training, and incident response, while also leading a global team.
Summary Generated by Built In

Who We Are:


At Avnet, relationships matter. We are a global, FORTUNE ® 500 technology distributor and solutions company that delivers design, supply chain and logistics expertise to customers at every stage of a product’s lifecycle. Our employees have a front row seat to the latest innovations shaping the world we live in and the future we share. We’re driven to help our customers around the world succeed and we do so by earning the trust of some of the biggest names in technology.

Working at Avnet means being a part of a global team. We work collaboratively and with integrity, doing business the right way. For more than a century, we have partnered together to help our customers, suppliers and teammates realize the transformative possibilities of technology. Experience what’s next at Avnet!

Job Summary:

The Cybersecurity Senior Manager plays a critical leadership role within the enterprise cybersecurity organization, overseeing governance, risk, and compliance (GRC) functions across a complex, global environment. This role is accountable for ensuring cybersecurity risks are identified, assessed, managed, and reported in alignment with business objectives, regulatory requirements, and the organization’s risk appetite. The Cybersecurity Senior Manager collaborates closely with business leaders, IT, Legal, Internal Audit, Procurement, and external auditors to integrate security and compliance into everyday operations while supporting business scalability and agility.

Principal Responsibilities:

  • Cyber and IT Compliance
      • Lead enterprise cybersecurity and IT compliance programs, including SOX ITGCs & Application controls, PCI DSS, CMMC, and other applicable regulatory and contractual requirements.
      • Design, implement, and maintain continuous control monitoring processes to validate the effectiveness of cybersecurity and IT controls on an ongoing basis.
      • Translate regulatory and compliance requirements into practical, scalable control expectations aligned to enterprise architecture and operational realities.
      • Proactively identify compliance gaps, assess risk, and drive remediation plans in partnership with control owners.
      • Periodically assess against NIST CSF and other cybersecurity frameworks.
  • Audit Liaison Management
      • Own and manage the Audit Liaison function for cybersecurity and IT risk, serving as the primary interface between the company and external auditors, assessors, and regulators.
      • Support control owners by raising awareness of compliance requirements, assisting with controls design, and serving as the primary interface between Global Audit and audited IT teams. Support Global Audit and external auditors in audit planning, evidence collection, walkthroughs, and issue response across global teams.
      • Ensure audit findings are clearly understood, risk-ranked, and translated into actionable remediation plans with accountable owners and timelines.
      • Track and report the status of remediation action plans.
      • Drive consistency and quality in audit responses, reducing friction and repeat findings year over year.
  • Contract Reviews and Business Enablement
      • Lead the cybersecurity portion of contract reviews in support of all business units, evaluating customer, partner, and supplier cybersecurity requirements.
      • Partner with Legal, Sales, Procurement, and Business Leaders to assess contractual risk, negotiate security terms, and ensure commitments align with the company’s cybersecurity capabilities and risk tolerance.
      • Provide clear guidance on acceptable risk positions and required controls to enable informed business decisions without unnecessary delays.
      • Facilitate the Technical and Organizational Measures (TOMs) review requirements of GDPR during the business vendor selection process by coordinating teams to complete the non-cyber portion of the reviews and providing a risk assessment for the cybersecurity component of TOMs. Provide the complete assessment report and final risk rating to the Business. Assist the Business in interpreting the risk rating and possible options to mitigate the risks, if required.
      • Answer customers’ requests for information (RFIs) by completing the cybersecurity portions of RFIs and gathering responses for other IT portions of the RFIs.
  • Third-Party Risk Management (TPRM)
      • Oversee the cybersecurity components of the Third-Party Risk Management program for business suppliers, including risk assessments and due diligence.
      • Ensure third-party risks are identified, documented, and managed in alignment with enterprise risk management practices.
      • Collaborate with Business stakeholders and Contracts team to integrate cybersecurity requirements throughout the supplier lifecycle.
      • Collaborate with Procurement and Vendor Management teams to integrate cybersecurity requirements throughout the vendor lifecycle.
  • Cyber Policies, Standards, and Governance
      • Develop, maintain, and govern enterprise cybersecurity policies and standards.
      • Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes while remaining practical and business-focused.
      • Drive awareness and adoption of cybersecurity governance across IT and business stakeholders.
  • Training and Awareness
      • Lead the enterprise cybersecurity training and awareness program, ensuring content is role-appropriate, engaging, and aligned to real-world risks.
      • Test and raise awareness of phishing reporting processes through phishing exercises.
      • Measure program effectiveness through metrics, trends, and behavioral indicators, continuously improving the program to address emerging threats and business needs.
      • Promote a culture of shared responsibility for cybersecurity across the organization.
  • Risk Register Management
      • Own and manage the enterprise cybersecurity risk register, ensuring risks are clearly articulated, consistently assessed, and aligned to the company’s risk taxonomy.
      • Facilitate risk identification, risk acceptance, and risk treatment decisions with business and technology leaders.
      • Analyze risk trends and metrics to provide insights that help leadership prioritize investments and focus efforts on the most material risks.
      • Support executive and board-level reporting by translating technical risk into business-relevant language.
  • Incident Response
      • Facilitate communications between IT, Legal, Procurement, HR, and business stakeholders during cybersecurity incident response.
      • Provide customer notification requirements to the Security Operations team to maintain as part of Cyber Operations IR plans.
      • Collaborate with Avnet Communications teams for external and internal cybersecurity communications.
      • Collaborate with Legal and Contracts teams for interpretation of contractual, regulatory, and other legal compliance requirements during cybersecurity incidents.
  • Cybersecurity Certification Support
      • Consult BISOs and Business stakeholders on the certification process, controls, scope, stakeholder identification, preparation for gap assessments, selecting an assessor, and business funding.
      • Provide guidance to the teams to be assessed or audited.
      • Collaborate with BISOs, third-party assessors, and stakeholders to schedule gap assessment interviews, and attend gap assessment and certification assessment sessions as a facilitator/subject matter expert (SME) on GIS-related topics.
      • Provide consultation services for assessment and implementation quotes.
      • Perform self-assessments of IT controls as part of approved project activities.
  • Success Metrics
      • Accurate and timely cybersecurity risk reporting
      • Successful audit outcomes with reduced repeat findings
      • Improved visibility into cybersecurity risks and remediation progress
      • Increased adoption of governance standards and risk-based practices
  • Other duties as assigned.

Team Management

  • Manages direct managers and/or highly skilled specialists in multiple global regions who exercise significant latitude and independence. Often oversees one or more departments or related teams.

Work Experience:

  • Typically 8+ years including 3+ years of management experience

Education and Certification(s):

  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Distinguishing Characteristics:

  • Multiple functional domains

What We Offer:

Our employees work hard to live our values and help us grow. Our total rewards strategy supports Avnet’s ability to attract, engage, develop, and reward our employees, while promoting a diverse and inclusive environment. We offer competitive compensation and benefit programs — from time away and flexible working arrangements to programs supporting employee well-being and opportunities to give back to your community.

  • Generous Paid Time Off

  • 401K and Pension Plan

  • Paid Holidays

  • Family Support (Paid Leave, Surrogacy, Adoption)

  • Medical, Dental, Vision, and Life Insurance

  • Long-term and Short-term Disability Insurance

  • Health Savings Account / Flexible Spending Account

  • Education Assistance

  • Employee Development Resources

  • Employee Wellness, Leadership Development and Mentorship Programs

Benefits listed above may vary depending on the nature of your employment with Avnet.

This position will have access to ITAR product and therefore be authorized to access product.  This position requires the employee to be a U.S. Citizen or National, or a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or a protected individual as defined by 8 U.S.C. 1324b(a)(3).

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.

Avnet is an Equal Opportunity Employer committed to providing equal opportunities to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex (including pregnancy), age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other characteristic protected by law. This policy of non-discrimination also applies to religious dress and grooming practices. Avnet will accommodate employee religious dress standards and grooming practices that do not result in undue hardship for the Company.  If you are interested in applying for employment with Avnet and need special assistance or an accommodation to apply for a posted position contact our Human Resources Service Center at (888) 994-7669.

Skills Required

  • 8+ years of experience including 3+ years of management experience
  • Bachelor's degree or equivalent experience

The Company
HQ: Phoenix, AZ
11,000 Employees

What We Do

Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformative possibilities of technology. Our culture was founded on new ideas and emerging technology. Headquartered in Phoenix, Arizona, Avnet is a leading global technology distributor and solutions provider at the center of the technology value chain. Founded in 1921, we work with suppliers in every major technology segment to serve customers worldwide across a broad range of markets. Whether working on large-scale production or early prototypes, we meet customer needs through individualized, end-to-end service to streamline solutions and improve efficiency for customers worldwide. Headquartered in Phoenix, Arizona, we serve more than 1 million customers in more than 140 countries and partner with global suppliers from almost every technology segment.
