Vendor Risk Management Consultant II
About The Position
The Vendor Risk Management Consultant II is primarily responsible for the day-to-day execution, operational integrity, and regulatory discipline of BOKF, NA's third party risk management (TPRM) program. This role ensures consistent, timely, and compliant completion of due diligence, risk assessments, issue management, and ongoing monitoring activities across the third-party lifecycle. The VRC II supports program efficiency and reliability by identifying process gaps, challenging ineffective practices, and recommending practical improvements within the established policy and regulatory boundaries. The role applies independent judgment to assess risk, escalate concerns, and enforce requirements, while partnering with Vendor Relationship Owners (VROs) and functional risk teams to drive execution. This position emphasizes operational excellence, regulatory adherence, and continuous improvement rather than enterprise strategy ownership or executive‑level advisory responsibilities. The role requires a high degree of independent judgment and critical thinking, including the ability to analyze risk holistically, evaluate evidence quality, and determine appropriate next steps based on risk rather than instruction.
Requirements
- A Bachelor’s Degree in a relevant field or equivalent practical experience.
- Typically, 3-5 years of experience within vendor risk management, compliance, audit, or a regulated operational risk function, with demonstrated experience executing risk assessments, due diligence reviews, issue tracking, and control validation.
- At a financial institution is a plus.
Nice To Haves
- A Third Party Risk Management certification is highly desirable, such as CTPRA, CRISC, CISA, or CRVPM.
- Experience assessing AI/GenAI-enabled third parties (e.g., data usage, monitoring/logging, and model change management), applying data analysis for risk metrics and trend reporting, and leveraging automation/low-code tools to improve workflow efficiency while maintaining audit-ready documentation.
Responsibilities
- Execute third‑party due diligence, risk assessments, and ongoing monitoring activities in accordance with TPRM policy, standards, and regulatory requirements across the vendor lifecycle.
- Collect, validate, and critically assess vendor documentation (e.g., financials, audits, data classifications, BCPs, insurance) to identify gaps, inconsistencies, or control weaknesses.
- Challenge incomplete or non‑compliant submissions and require timely remediation prior to progression or risk acceptance.
- Apply independent risk judgment to determine appropriate resolution paths, including remediation, escalation, or subject matter expert review.
- Maintain accurate and complete vendor records, risk ratings, issues, and approvals; track findings and corrective actions through closure to ensure accountability.
- Identify process inefficiencies, redundancies, or control weaknesses within TPRM workflows and recommend practical, policy‑aligned improvements.
- Support regulatory exams, internal audits, and program adoption by preparing evidence, responding to inquiries, validating corrective actions, and providing procedural guidance to VROs and business partners.
- May perform other duties as assigned.
Benefits
- excellent training and development to support building the long term careers of employees
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
