Risk Data Scientist

About the Role

Forward processes payments for thousands of merchants across dozens of partner platforms.

The Risk Data Scientist's job is to build the model-driven intelligence layer that replaces static rules with adaptive, evidence-based decisioning across three risk domains: merchant underwriting and approval optimization, real-time transaction fraud and anomaly detection, and AML/transaction monitoring and SAR prioritization. You will own the full modeling lifecycle - from problem framing and feature engineering to training, validation, deployment, monitoring, and regulatory governance.

This is applied ML in a high-stakes, regulated financial context. Models you build will directly determine approval rates, fraud loss rates, chargeback exposure, and SAR filing quality. They will be scrutinized by bank sponsors, card networks, and regulators. The work demands both technical rigor and regulatory fluency: someone who understands why a gradient boosting ensemble outperforms logistic regression on imbalanced fraud data AND why SHAP explainability is a compliance requirement under ECOA adverse action rules.

Forward is early in this journey. The person who takes this role will define the ML architecture, build the model governance framework, and set the standard for how Forward uses machine learning in regulated financial services.

Key Responsibilities

Merchant Risk: Underwriting and Approval Rate Optimization

• Build and own the merchant risk scoring model - the centerpiece of Forward's move from static rules to model-based decisioning. This model drives tier assignment (auto-approve, conditional approve, RFI, decline) for every merchant application, replacing hand-coded thresholds with evidence-based probability scores.

• Design vertical-specific scoring variants for contractor/home services, healthcare, and hospitality - each with distinct chargeback profiles, fraud patterns, and volume distribution that a single generalized model cannot capture.

• Build bust-out fraud detection models that catch the full behavioral arc: months of normal volume cultivating trust, followed by rapid drawdown. Use graph neural network (GNN) approaches to surface shared infrastructure - phone numbers, IP ranges, device fingerprints, bank accounts - across seemingly unrelated merchants in the same fraud ring. At scale, GNN-based ring detection catches 40%+ more coordinated fraud than models that evaluate merchants in isolation.

• Integrate model scores as dynamic inputs to Taktile rules - not as replacements for rules, but as continuous risk signals that allow thresholds to flex based on model confidence. A merchant with a 95% confidence clean score should not face the same velocity friction as one at 60%.

• Measure outcomes in business terms: approval rate lift, false positive rate reduction, and chargeback rate per merchant segment vs. Visa/Mastercard program thresholds.

Transaction Risk: Real-Time Fraud and Anomaly Detection

• Build real-time transaction fraud scoring that operates within the authorization window: sub-100ms latency from scoring request to decisioning output. Design the feature engineering architecture - feature store, pre-computed signals, streaming aggregations - that makes this latency target achievable on Forward's Snowflake-based stack.

• Build card testing detection models using high-frequency, low-value authorization pattern recognition - with explicitly defined precision and recall targets. Flag the pattern before the fraudster pivots to high-value transactions.

• Develop merchant behavioral baseline models that detect deviations before they become losses: MCC drift, refund rate spikes, chargeback ratio changes, velocity anomalies, and settlement manipulation patterns. Build portfolio-level exposure models that surface correlated risk across the merchant book before it crystallizes into loss events.

• Use unsupervised approaches - isolation forests, autoencoders - for emerging fraud typologies that have no labeled training data yet, layered alongside supervised models for known patterns. Unknown unknowns are where bust-out fraud lives before it gets named.

AML and Transaction Monitoring

• Partner with the Compliance team to evolve rule-based transaction monitoring into a hybrid system: rules for explainability and auditability, ML for alert prioritization, coverage, and signal quality.

• Build SAR prioritization models that score open TM alerts by money laundering typology risk - enabling analyst triage to focus on highest-risk cases first. The industry baseline for AML false positive rates is 50-90%. The target here is below 40%, achieved through model-driven scoring rather than alert volume alone.

• Build structuring detection models that complement velocity rules with behavioral pattern recognition: temporal sequencing, counterparty relationships, amount clustering, and network-level coordination signals.

• Own the quantitative side of SAR quality: alert-to-SAR conversion rate, filing timeliness (regulatory deadline: 30 days from identifying reportable activity), and case investigation time - from hours toward minutes via ML-assisted triage.

• Build chargeback propensity models at merchant and transaction level - predict likelihood of dispute before it occurs, enabling proactive intervention and reserve adjustment rather than post-facto loss absorption.

• Create early warning indicators for merchants approaching Visa/Mastercard chargeback program thresholds (1% standard, 1.5% excessive), with 30+ days of lead time for intervention.

Model Governance and Regulatory Compliance

• Own the model risk management framework for every model you deploy - compliant with the April 2026 revised interagency guidance (the update to SR 11-7 issued by the OCC, Federal Reserve, and FDIC): model inventory and ownership documentation, validation standards, performance monitoring protocols, and retraining triggers.

• Implement explainability for every model in production: SHAP or LIME-based feature contribution analysis for ECOA adverse action compliance. If a merchant application is declined or a transaction is flagged, the reason must be expressible in human-understandable terms. "The algorithm decided" is legally indefensible.

• Build champion/challenger testing infrastructure: new model versions run in shadow mode, outcomes tracked, performance compared against the incumbent before any threshold change goes live.

• Document bias testing and fairness analysis for underwriting models: disparate impact analysis, false positive rate parity across merchant segments, and mitigation strategies - required for CFPB/ECOA compliance and bank sponsor disclosure.

• Work directly with bank sponsors (CRB, Fiserv) on model disclosure: architecture documentation, validation evidence, and performance reporting that satisfies sponsor audit requirements.

MLOps and Model Infrastructure

• Own the full model deployment lifecycle: model versioning and experiment tracking (MLflow or equivalent), CI/CD pipeline for model promotion, serving infrastructure for real-time scoring, and monitoring for performance drift, feature drift, and calibration decay.

• Design the real-time feature pipeline architecture: define which features are pre-computed and cached (velocity counters, behavioral baselines), which are served from a feature store (Tecton, Feast, or equivalent), and how training and serving features stay consistent to eliminate training-serving skew.

• Build automated alerting for model performance degradation: precision/recall decline, calibration drift, feature distribution shifts, and anomalous alert volume spikes that signal input data has changed.

• Define retraining protocols for each model: what triggers a retrain, how training data is constructed with point-in-time correctness, and how the new version is validated before promotion.

Data Pipelines and Warehouse

• Design, build, and maintain data pipelines that feed model training and serving: batch ETL from Snowflake for historical training lookbacks, and streaming pipelines for real-time feature computation on transaction events.

• Build and maintain training data infrastructure: labeled fraud datasets, outcome tracking (what happened to each flagged merchant or transaction?), and point-in-time feature retrieval that prevents data leakage in training.

• Implement data quality monitoring, schema validation, and lineage tracking across all pipelines - a regulatory auditability requirement, not optional engineering hygiene.

Required Qualifications

• 4+ years in data science or machine learning with a track record of building and deploying fraud detection, credit risk, or anomaly detection models in production - not just in notebooks.

• Deep experience with gradient boosting frameworks (XGBoost, LightGBM, CatBoost) and ensemble methods on severely imbalanced financial datasets, including class imbalance handling via SMOTE, cost-sensitive weighting, and threshold calibration.

• Strong statistical grounding: AUC-PR vs. AUC-ROC trade-offs, calibration requirements for probability outputs, and hypothesis testing for model comparison and threshold selection.

• Ability to build explainable, auditable models: SHAP, LIME, feature importance analysis, and familiarity with ECOA adverse action requirements for ML-driven decisions in regulated contexts.

• Strong Python and SQL at production scale - not just model training, but feature engineering, pipeline development, and Snowflake query optimization.

• Experience integrating ML model outputs into rules engines or decisioning systems: scores as inputs that modify rule behavior, not standalone decisions that bypass audit trails.

• Familiarity with ML model governance: documentation requirements, validation protocols, performance monitoring, and retraining discipline.

Preferred Qualifications

• Real-time fraud scoring infrastructure experience: feature stores (Tecton, Feast, or equivalent), model serving frameworks (Ray Serve, KServe, or similar), and sub-100ms latency architecture design.

• Graph neural network (GNN) or graph-based entity relationship analysis for fraud ring detection.

• BSA/AML modeling: transaction monitoring, structuring detection, SAR prioritization models.

• Familiarity with SR 11-7 / April 2026 revised interagency model risk management guidance, or equivalent regulated financial institution model governance frameworks.

• ECOA adverse action explainability and CFPB compliance context.

• PFAC, acquiring, or payment processor domain knowledge: chargeback mechanics, Visa/Mastercard program thresholds, card network rules, and acquirer reserve management.

• MLOps tooling: MLflow, SageMaker, Vertex AI; model registry, experiment tracking, and automated retraining pipelines.

• Snowflake (Snowpark, query optimization, Snowpipe), dbt, and streaming frameworks (Kafka, Flink, Spark Structured Streaming).

What Success Looks Like

Model Performance

• Fraud detection models operate with explicitly set precision and recall targets - AUC-PR is the primary model quality metric, not overall accuracy on an imbalanced dataset.

• Model calibration is verified: a score of 70% fraud risk corresponds to approximately 70% actual fraud rate. Analysts and compliance teams can trust the probability outputs.

• Feature drift and model performance degradation are detected automatically - not discovered via a chargeback spike or a partner escalation.

Business Outcomes

• Merchant approval rate improves measurably after model-driven decisioning replaces static rule thresholds - target: meaningful lift within 6 months of first model deployment, without a corresponding increase in loss rate.

• Fraud loss rate (BPS of GPV) trends down quarter-over-quarter across the merchant book.

• Chargeback rates stay within Visa/Mastercard program thresholds for all merchant segments, with early warning models giving 30+ days of lead time before a merchant crosses a threshold.

• False positive rate is tracked as a first-class business metric: declined legitimate transactions are a revenue and customer friction cost, not an acceptable side effect of risk management.

AML and Compliance

• TM alert false positive rate moves from the industry baseline of 50-90% toward a target below 40%, enabling analysts to spend time on real risk.

• SAR filing timeliness is 100%: every identified reportable activity is filed within the 30-day regulatory deadline.

• Model governance documentation is current, complete, and audit-ready - no scramble when a bank sponsor requests model disclosure.

Architecture and Scale

• Real-time fraud scoring operates within the authorization window: p95 latency under 100ms end-to-end.

• Model deployment is automated and safe: champion/challenger testing in place, no production promotion without validated performance evidence.

• Training-serving consistency is guaranteed: features at prediction time match features used in training, with no data leakage in historical training sets.

• The modeling architecture is documented and transferable - Forward's ML capability does not depend on any single person to operate.

What We Offer

• Competitive salary and equity package.

• Comprehensive health, dental, and vision benefits.

• Flexible work arrangements and generous PTO.

• Learning & development budget for conferences, courses, and certifications.

• The opportunity to define the ML architecture and model governance standard at a payments company scaling 45x - building from rules-based to model-driven decisioning across merchant risk, real-time transaction fraud, and AML.

Location

Austin, TX