Supply Chain Manager helping scale a world-class Security Vendor Risk Management program at Webflow. Transforming third-party risk management into a proactive, data-informed capability.
Responsibilities
Own and lead the end-to-end Security Supply Chain Risk Management program, including strategy, governance, tooling, and continuous improvement across third-party, software, and vendor ecosystems.
Perform detailed third-party security risk assessments aligned with industry frameworks (e.g. SOC, ISO 27001, NIST), evaluating control effectiveness, data handling practices, and supply chain security risks.
Drive cross-functional alignment across Security, IT, Legal, and Procurement serving as the subject matter expert on external supply chain risk and ensuring comprehensive risk visibility and coverage.
Train and educate employees on supply chain security best practices and ensure awareness throughout the organization
Establish automation, metrics, and threat monitoring capabilities to proactively identify emerging supply chain risks, quantify exposure, and continuously strengthen the organization’s third-party and software security posture.
Contribute to the development and maintenance of security vendor risk management policies and procedures
Requirements
BA/BS degree or equivalent experience
7+ experience in Security Supply Chain, Vendor Risk Manager, Vendor Due Diligence or relevant work experience.
Knowledgeable in security supply chain fundamentals, including common frameworks & privacy regulations
Benefits
Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
Wellness for the whole you. Access to mental health resources, therapy and coaching.
Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.