About Wisr.ai
Wisr.ai builds modern third-party risk scoring that helps teams understand, prioritize, and communicate vendor risk faster. Our focus is client outcomes: clearer risk signals, fewer false positives, and scoring that stands up in real procurement, security reviews, and audits.
Role Summary
This is not an internal vendor risk analyst role. You will help improve Wisr.ai's risk scoring itself.
You are a third-party risk subject matter expert who can translate real-world TPRM workflows into product improvements. You will partner with Product, Engineering, and Data to strengthen the scoring model, define risk factors, validate signals, improve explainability, and ensure our scores are defensible and useful for clients.
What You'll Do
Strengthen risk scoring methodology
- Define and refine third-party risk factors, scoring logic, weighting, and tiers (criticality, inherent risk, control maturity, likelihood, impact).
- Build a clear scoring methodology that clients can understand and trust, including what drives a score and what actions to take next.
- Improve score explainability and supporting evidence, including "why this score" narratives and recommended mitigations.
Validate signals and reduce noise
- Evaluate data sources and signals for relevance, accuracy, timeliness, and bias.
- Run structured reviews of false positives and false negatives, then propose scoring and product changes.
- Create validation approaches, benchmark sets, and QA checks to keep scoring consistent over time.
Translate client needs into product requirements
- Join client calls to understand how customers assess vendor risk, how they report it, and what decisions the score needs to support.
- Turn findings into crisp PRDs, user stories, acceptance criteria, and test cases for scoring enhancements.
- Partner with Customer Success and Sales to support pilots, scoring reviews, and escalations when needed.
Build content and internal enablement
- Create internal playbooks for scoring reviews, risk factor definitions, and common client questions.
- Develop guidance that helps clients operationalize the score (triage workflows, review thresholds, remediation paths).
What You Bring
Required
- 3+ years in third-party risk management (TPRM), vendor risk, security governance, or related risk roles.
- Strong understanding of security and compliance fundamentals used in vendor assessments (SOC 2, ISO 27001, NIST CSF, SIG, CAIQ, etc.).
- Proven ability to turn messy, real-world risk inputs into structured frameworks, scoring logic, and actionable recommendations.
- Excellent writing and communication skills. You can explain risk clearly to both technical and non-technical stakeholders.
- Comfort working cross-functionally with product and engineering teams, including shaping requirements and iterating quickly.
Nice to Have
- Experience building or tuning risk models, scoring systems, or decision frameworks (qualitative or quantitative).
- Familiarity with data analysis (Excel/Sheets, SQL, or Python) and an experimentation mindset.
- Experience with procurement workflows, vendor due diligence, and audit-readiness expectations.
- Background in security operations, GRC, or consulting.