Chief Information Security Officer

U.S. Remote

Webflow


At Webflow, our mission is to bring development superpowers to everyone. Webflow is a Website Experience Platform (WXP) that empowers modern marketing teams to visually build, manage, and optimize stunning websites. With AI-driven personalization baked in, Webflow enables teams to significantly boost conversion rates, translating directly into measurable business growth. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative.

We’re looking for a Chief Information Security Officer (CISO) to play a pivotal role in securing our platform, protecting our customers’ data, and innovating to ensure our security posture aligns with the industry’s highest standards.

About the role:
  • Location: Remote-first (United States)
  • Full-time
  • Permanent 
  • Exempt
  • The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States (all figures cited below are in USD and pertain to workers in the United States)
    • $200,000 - $350,000

This role is also eligible to participate in Webflow's company-wide bonus program. Target amounts are a percentage of base salary and vary by career level. Payouts are based on company performance against established financial and operational goals. 

Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

Reporting to the Chief Technology Officer, as Webflow’s Chief Information Security Officer (CISO), you will:

  • Develop and Lead Security Strategy: Create and implement a comprehensive security vision that safeguards Webflow’s infrastructure, products, user data, and company data.
  • Drive Cross-Functional Collaboration: Partner with engineering, product, legal, compliance, and executive leadership to embed security into every layer of our business.
  • Ensure Regulatory Compliance: Oversee compliance with security-related regulations and standards such as GDPR, SOC 2 Type 2, ISO 27001, and ISO 42001, ensuring robust data privacy and integrity.
  • Respond to Emerging Threats: Proactively identify, assess, and mitigate cybersecurity risks in Webflow’s dynamic, cloud-first environment.
  • Establish Metrics and Reporting: Define and report on key security program metrics to measure the maturity and effectiveness of security initiatives.
  • Foster a Security-Conscious Culture: Lead initiatives to educate employees and customers about cybersecurity best practices.

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

About you:

You’ll thrive as our CISO if you have:

  • Experience:
    • 10+ years in information security, with at least 5 years in a leadership role, ideally within SaaS or high-growth environments.
    • Proven track record of securing dynamic, cloud-based platforms (strong preference for AWS).
    • Expertise in implementing and monitoring adherence to compliance frameworks (e.g., SOC 2 Type 2, ISO 27001, FedRAMP).
    • Experience leading security teams, conducting audits, and managing security incident response in a SaaS environment.
  • Technical Skills:
    • Deep knowledge of security protocols, tools, and standards such as NIST Cybersecurity Framework or CIS Controls.
    • Familiarity with DevSecOps practices in CI/CD pipelines.
    • Proficiency in risk assessment, penetration testing, and vulnerability management.
  • Leadership:
    • Excellent communication skills to translate technical security issues into actionable insights for diverse audiences.
    • Ability to build and develop high-performing, inclusive security teams.
  • Certifications:
    • Preferred certifications: CISSP, CISM, or equivalent.

Our Core Behaviors:

  • Obsess over customer experience. We deeply understand what we’re building and who we’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
  • Move with heartfelt urgency. We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
  • Say the hard thing with care. Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
  • Make your mark. We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a team to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

Benefits & wellness

  • Equity ownership (RSUs) in a growing, privately-owned company.
  • 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent care Flexible Spending Account (US only), dependent on insurance plan selection where applicable in the respective country of employment; employees may also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness where applicable in the respective country of employment
  • 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave (where local requirements are more generous, employees receive the greater benefit); employees also have access to family planning care and reimbursement
  • Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations (where local requirements are more generous employees receive the greater benefit), and sabbatical program
  • Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
  • Monthly stipends to support health and wellness, smart work, and professional growth
  • Professional career coaching, internal learning & development programs
  • 401k plan and pension schemes (in countries where statutorily required); financial wellness benefits, like CPA or financial advisor coverage
  • Discounted Pet Insurance offering (US only)
  • Commuter benefits for in-office employees

Temporary employees are not eligible for paid holiday time off, accrued paid time off, paid leaves of absence, or company-sponsored perks unless otherwise required by law.

Remote, together

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

 

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.

To join Webflow, you'll need a valid right to work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.
