Security Supply Chain Manager


Role Overview

This senior-level role involves leading the end-to-end Security Supply Chain Risk Management program, including strategy, governance, and tooling across third-party and vendor ecosystems. Day-to-day responsibilities include performing detailed security risk assessments aligned with frameworks like SOC and NIST, driving cross-functional alignment with teams such as Security and Legal, and establishing automation and metrics to proactively identify emerging threats. The hire will have a significant impact by transforming third-party risk management into a proactive, data-informed capability to ensure Webflow's external ecosystem remains secure as the company grows and integrates new technologies like AI.

Perks & Benefits

This is a remote-first position with flexibility for workers in the United States and specific Canadian provinces (BC and ON), offering comprehensive benefits including equity (RSUs), health coverage for employees and dependents, 12 weeks of paid parental leave, flexible vacation, and a 401(k) with employer match. The role is part-time and permanent, with a company-wide bonus program based on performance, and includes monthly stipends for work and wellness expenses, fostering a culture focused on trust, teamwork, and innovation.

Full Job Description

At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.

We’re looking for a Supply Chain Manager to help us build and scale a world-class Security Vendor Risk Management program that enables Webflow to move fast with confidence. You’ll transform third-party risk management from a reactive compliance function into a proactive, data-informed capability—leveraging automation, actionable metrics, and cross-functional partnership to anticipate emerging threats before they impact the business.

You will ensure that as Webflow grows, innovates, and integrates new technologies—including AI—our external ecosystem remains secure, resilient, and aligned with the high bar of quality, craft, and customer trust that defines our brand.

About the role:

  • Location: Remote-first (United States; BC & ON, Canada)
  • Part-Time
  • Permanent
  • Exempt
  • The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
    • United States (all figures cited below are in USD and pertain to workers in the United States)
      • Zone A: $172,000 - $262,000
      • Zone B: $161,000 - $247,000
      • Zone C: $151,000 - $231,000
    • Canada (figures cited below are in CAD and pertain to workers in ON & BC, Canada)
      • $195,000 - $298,000

This role is also eligible to participate in Webflow's company-wide bonus program. Target amounts are a percentage of base salary and vary by career level. Payouts are based on company performance against established financial and operational goals. 

Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

 

  • Application Information:
    • Application deadline: applications accepted on an ongoing basis until position is closed and filled
    • This posting is for a new position 
  • Reporting to the Senior Manager, Security Compliance 

As a Security Supply Chain Manager, you’ll … 

  • Own and lead the end-to-end Security Supply Chain Risk Management program, including strategy, governance, tooling, and continuous improvement across third-party, software, and vendor ecosystems.
  • Perform detailed third-party security risk assessments aligned with industry frameworks (e.g. SOC, ISO 27001, NIST), evaluating control effectiveness, data handling practices, and supply chain security risks.
  • Drive cross-functional alignment across Security, IT, Legal, and Procurement, serving as the subject matter expert on external supply chain risk and ensuring comprehensive risk visibility and coverage.
  • Train and educate employees on supply chain security best practices and ensure awareness throughout the organization.
  • Establish automation, metrics, and threat monitoring capabilities to proactively identify emerging supply chain risks, quantify exposure, and continuously strengthen the organization’s third-party and software security posture.
  • Contribute to the development and maintenance of security vendor risk management policies and procedures

About you:

Requirements:

  • BA/BS degree or equivalent experience
  • 7+ years of experience in Security Supply Chain, Vendor Risk Manager, Vendor Due Diligence or relevant work experience.
  • Knowledgeable in security supply chain fundamentals, including common frameworks & privacy regulations

You’ll thrive as a Security Supply Chain Manager if you:

  • Think beyond individual assessments to design, scale, and mature a full supply chain security program, aligning security strategy with business objectives and global risk exposure.
  • Have established Vendor Risk Management programs that truly orient on risk-based outcomes, not just boilerplate workflow.
  • Are able to interpret complex technical findings (architecture reviews, software risks, penetration testing results, threat intelligence) and translate them into quantified business risk and prioritized action plans.
  • Anticipate emerging supply chain threats, geopolitical risks, and industry trends, implementing preventative controls and automation before risks materially impact the organization.
  • Regularly refine assessment methodologies, metrics (KPIs/KRIs), and monitoring practices to mature the Security Supply Chain Risk Management program over time.
  • Build with an AI-first focus to reduce friction and increase velocity to enable the business.
  • Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact.

Our Core Behaviors:

  • Build lasting customer trust. We build trust by taking action that puts customer trust first.
  • Win together. We play to win, and we win as one team. Success at Webflow isn't a solo act.
  • Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
  • Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar.

Benefits

  • Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
  • Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
  • Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
  • Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
  • Wellness for the whole you. Access to mental health resources, therapy and coaching.
  • Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally. 
  • Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
  • Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.

Remote, together

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor. 

Please note:

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.

To join Webflow, you'll need a valid right to work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice

 
