Risk Management Analyst
So what does a Risk Management Analyst really do? Think of yourself as someone who will be responsible for establishing an internal fraud function which will identify fraud risks, recommend and implement preventative and detective controls, manage all fraud-related risks across operations and support teams, and monitor key controls for the detection and continuous audit of fraud risks, so not just anyone is qualified for this role. We make sure we get the best of the best, after all, we are a ridiculously good company so we make sure our employees are top notch. Now we need your full concentration because it’s time to imagine what it’s like being a Risk Management Analyst.
Imagine yourself going to work with one thing on your mind: that you will observe and document the operations of each campaign in process walkthroughs, identifying the key transactions of value to a fraudster, the relevant controls points within the procedures and systems access rights, any segregation of duties (SOD) deficiencies and the associated fraud risks. As you tackle your new tasks for the day, you know that it comes down to one thing: that you will provide early warning and rapid response for each and every alert.
As a Risk Management Analyst, you will work with Operations management and TaskUs clients to plan for the best business case to accept risks, implement internal controls to negate the risky processes or apply mitigating controls to reduce risks to acceptable levels. You will identify key transaction points that can be monitored and regularly audited for fraud detection. Upon the formation of this Fraud function, initial priority will be given to the biggest campaigns, those which have had recent fraud, or those which have registered high fraud risks per the self-assessments completed by Operations management. Ultimately, every campaign will be subject to a fraud prevention/detection audit and the respective control improvements implemented (or at least documented for client acceptance/deference). Additionally, this fraud prevention/detection audit process will be built into every new campaign implementation (or just after launch) in order to proactively address any fraud risks. You will conduct reviews for the identification of fraud risks, and recommend controls for the detection and prevention of fraud. You will complete assignments as directed to the Fraud Prevention and Audit team. You must stay current with new fraudulent activities that may breach TaskUs' security measures. You will recommend new technologies for fraud detection and prevention. You will develop internal control and governance procedures to ensure minimal risk of fraud. You will evaluate TaskUs and client applications for separation of duties issues and general internal control deficiencies which may contribute to fraud risk. You will provide reporting from continuous audit/monitoring initiatives once fraud risks and controls are mapped. You will work with IT and InfoSec engineers for the implementation of DLP and user activity monitoring controls. You will provide Fraud incident response support and fraud investigation. You will participate in fraud mapping exercises and continuous audit processes. You will maintain and update the relevant system and process documentation and develop ad-hoc reports as needed. You will perform a variety of other fraud and risk-related tasks.
So, do you have what it takes to become a Risk Management Analyst?
So, what is it we’re looking for? Well since this is Risk Management analyst role, we need someone who has a bachelor’s degree or a combination of education and experience. We also need someone with a minimum of 3 years audit and risk experience; at least one of those years focused on fraud prevention and detection. We also need someone who’s familiar with a variety of the field's concepts, practices, and procedures.
What else? Interest in the pursuit of an industry-recognized fraud, audit or security certification is preferred, such as CFE, CIA or CISA. Also, a demonstrated wide degree of creativity and latitude is expected in order to best align internal fraud controls with the business needs and to ensure that operational efficiencies and client satisfaction are duly considered. Sound technical writing, documentation, and communication skills are required. Proficiency is needed in terms of the understanding of enterprise, network, system, and application-level security issues.
What else? An understanding of the system hardening processes, tools, guidelines, and benchmarks. We also need someone with experience with DLP and fraud detection technologies. Also, it should have excellent project management skills with the ability to self-start projects. The ability to handle sensitive and/or confidential material and information with suitable discretion. We also need someone with excellent interpersonal skills and a professional demeanor. BPO contact center experience preferred, but not required.