Vendor Risk Management Consultant II

Bonus Type

Summary

We've built a culture at BOK Financial where amazing people (like you) can bring their best, be their best and work for the best. You've come to the right place to grow your career.

Job Description

The Vendor Risk Management Consultant II is primarily responsible for the day-to-day execution, operational integrity, and regulatory discipline of BOKF, NA's third party risk management (TPRM) program. This role ensures consistent, timely, and compliant completion of due diligence, risk assessments, issue management, and ongoing monitoring activities across the third-party lifecycle.

The VRC II supports program efficiency and reliability by identifying process gaps, challenging ineffective practices, and recommending practical improvements within the established policy and regulatory boundaries. The role applies independent judgment to assess risk, escalate concerns, and enforce requirements, while partnering with Vendor Relationship Owners (VROs) and functional risk teams to drive execution.

This position emphasizes operational excellence, regulatory adherence, and continuous improvement rather than enterprise strategy ownership or executive‑level advisory responsibilities. The role requires a high degree of independent judgment and critical thinking, including the ability to analyze risk holistically, evaluate evidence quality, and determine appropriate next steps based on risk rather than instruction.

Team Culture

Our risk management department is centered on vigilance, analytical thinking, and collaboration. Team members work together to identify, assess, and mitigate risks, creating an environment where growth and skill enhancement are highly valued. This proactive and cooperative approach ensures the bank's stability and resilience in a dynamic financial landscape.

How You'll Spend Your Time

• Execute third‑party due diligence, risk assessments, and ongoing monitoring activities in accordance with TPRM policy, standards, and regulatory requirements across the vendor lifecycle.
• Collect, validate, and critically assess vendor documentation (e.g., financials, audits, data classifications, BCPs, insurance) to identify gaps, inconsistencies, or control weaknesses.
• Challenge incomplete or non‑compliant submissions and require timely remediation prior to progression or risk acceptance.
• Apply independent risk judgment to determine appropriate resolution paths, including remediation, escalation, or subject matter expert review.
• Maintain accurate and complete vendor records, risk ratings, issues, and approvals; track findings and corrective actions through closure to ensure accountability.
• Identify process inefficiencies, redundancies, or control weaknesses within TPRM workflows and recommend practical, policy‑aligned improvements.
• Support regulatory exams, internal audits, and program adoption by preparing evidence, responding to inquiries, validating corrective actions, and providing procedural guidance to VROs and business partners.
• May perform other duties as assigned.

Education & Experience Requirements

A Bachelor’s Degree in a relevant field or equivalent practical experience. Typically, 3-5 years of experience within vendor risk management, compliance, audit, or a regulated operational risk function, with demonstrated experience executing risk assessments, due diligence reviews, issue tracking, and control validation. At a financial institution is a plus.

A Third Party Risk Management certification is highly desirable, such as CTPRA, CRISC, CISA, or CRVPM.

Preferred: Experience assessing AI/GenAI-enabled third parties (e.g., data usage, monitoring/logging, and model change management), applying data analysis for risk metrics and trend reporting, and leveraging automation/low-code tools to improve workflow efficiency while maintaining audit-ready documentation.

Working Conditions & Physical Requirements