There are a few things that could be blocking. This could be web content filtering or web protection.
You might consider adding a custom indicator to set the website to allow-warn for everyone if this is just a content filter. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-ip-domain
To scope the rule to one person, you need a device group. That is a bit messy.
You might also consider that your executives are highly vulnerable. If the website has a bad reputation, you might share the Virus Total report. You might also suggest that this exec can access the site from their personal devices instead.