Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web. 

As an Information Security Compliance Analyst on Webflow's new Security and Compliance team, you will work with the Senior Information Security Manager to help us meet compliance and certification needs. You will work as part of a team to establish and improve corporate security requirements by evaluating business strategies and requirements, researching information security standards, performing risk assessments, and managing our ongoing compliance efforts, particularly as they relate to the Webflow applications. Key responsibilities include managing company-wide compliance, risk management, vendor due diligence, security awareness training, and assisting with internal and external audits.

About the role 

• Location: San Francisco HQ or remote
• Full- time

As an Information Security Compliance Analyst you’ll … 

• Act as an advocate of information security policies and standards
• Track compliance across multiple frameworks such as SOC2 and ISO while maintaining up-to-date records of requirements and corresponding mitigating controls
• Partner with product and engineering teams on security procedures around governance, monitoring, and remediation practices
• Partner with our legal team on matters involving customer privacy
• Stay current on cloud security policies, standards, regulations, and best practices
• Work with the BizOps team to respond to customer questions regarding security, compliance, and resilience
• Manage various security programs, such as vendor compliance records maintenance; company-wide compliance communications; preventative automation controls; and business continuity and disaster recovery analysis

That said, these responsibilities are just the start! At Webflow, we encourage you to contribute wherever your interests take you — and shape your role accordingly. And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to pursue passion projects outside of your role responsibilities. 

About you 

You’ll thrive as an Information Security Compliance Analyst if you:

• Prior experience working for growing SaaS companies that operate in the cloud
• Have led the effort for obtaining and maintaining SOC2, and/or ISO 27001 certifications
• Managed internal risk programs and external vendor relationships
• Familiarity with privacy regulations such as GDPR, and CCPA
• Conducted and produced company-wide security awareness training
• Experience producing security related communications to stakeholders and company leadership
• Experience with GRC tools such as ServiceNow or OneTrust

If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements.

About us 

At Webflow, we believe that our success will be defined not only by what we do — but also by how and why we do it. So, here is the Webflow “why” and our “how”: 

Our dual missions — one for the world, one for us

1. For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
2. For ourselves: Lead fulfilling, impactful lives.

Our core behaviors (how we act)

1. Start with customers
2. Practice extraordinary kindness
3. Be radically candid
4. Move intentionally fast
5. Just fix it
6. Lead by serving others
7. Dream big

Our commitments to you 

• We’ll pay you! This is a full-time, salaried position that includes equity
• We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses 
• We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days 
• We offer flexible parental leave 
• We provide remote employees with the equipment they need to create a great remote work environment 
• We will offer you the support you need to help you grow as an impactful Security Professional and a human being 

Ready to apply?

If you share our values and enthusiasm for empowering the world, we’d love to review your application! We promise we do take the time and care to review every application we receive. However, as much as we wish we could interview everyone who submits an application, we cannot guarantee an interview or feedback due to the unprecedented volume of applications we are receiving today. We are rooting for you, and hope you do consider applying.