Vendor Risk Management Consultant II

Req ID: 77811

Location: Tulsa -TUL

Areas of Interest: Risk Management; Audit; Data; Information Security; Portfolio Management; Project Management; Risk Management, BSA/AML; Risk Management, Compliance

Pay Transparency Salary Range: Not Available

Application Deadline: 04/23/2026

BOK Financial Corporation Group includes BOKF, NA; BOK Financial Securities, Inc. and BOK Financial Private Wealth, Inc. BOKF, NA operates TransFund and Cavanal Hill Investment Management, Inc. BOKF, NA operates banking divisions: Bank of Albuquerque; Bank of Oklahoma; Bank of Texas and BOK Financial.

Bonus Type

Discretionary

Summary

We've built a culture at BOK Financial where amazing people (like you) can bring their best, be their best and work for the best. You've come to the right place to grow your career.

Job Description

The Vendor Risk Management Consultant II is primarily responsible for the day-to-day execution, operational integrity, and regulatory discipline of BOKF, NA's third party risk management (TPRM) program. This role ensures consistent, timely, and compliant completion of due diligence, risk assessments, issue management, and ongoing monitoring activities across the third-party lifecycle.

The VRC II supports program efficiency and reliability by identifying process gaps, challenging ineffective practices, and recommending practical improvements within the established policy and regulatory boundaries. The role applies independent judgment to assess risk, escalate concerns, and enforce requirements, while partnering with Vendor Relationship Owners (VROs) and functional risk teams to drive execution.

This position emphasizes operational excellence, regulatory adherence, and continuous improvement rather than enterprise strategy ownership or executive‑level advisory responsibilities. The role requires a high degree of independent judgment and critical thinking, including the ability to analyze risk holistically, evaluate evidence quality, and determine appropriate next steps based on risk rather than instruction.

Team Culture

Our risk management department is centered on vigilance, analytical thinking, and collaboration. Team members work together to identify, assess, and mitigate risks, creating an environment where growth and skill enhancement are highly valued. This proactive and cooperative approach ensures the bank's stability and resilience in a dynamic financial landscape.

How You'll Spend Your Time

• Execute third‑party due diligence, risk assessments, and ongoing monitoring activities in accordance with TPRM policy, standards, and regulatory requirements across the vendor lifecycle.
• Collect, validate, and critically assess vendor documentation (e.g., financials, audits, data classifications, BCPs, insurance) to identify gaps, inconsistencies, or control weaknesses.
• Challenge incomplete or non‑compliant submissions and require timely remediation prior to progression or risk acceptance.
• Apply independent risk judgment to determine appropriate resolution paths, including remediation, escalation, or subject matter expert review.
• Maintain accurate and complete vendor records, risk ratings, issues, and approvals; track findings and corrective actions through closure to ensure accountability.
• Identify process inefficiencies, redundancies, or control weaknesses within TPRM workflows and recommend practical, policy‑aligned improvements.
• Support regulatory exams, internal audits, and program adoption by preparing evidence, responding to inquiries, validating corrective actions, and providing procedural guidance to VROs and business partners.
• May perform other duties as assigned.

Education & Experience Requirements

A Bachelor's Degree in a relevant field or equivalent practical experience. Typically, 3-5 years of experience within vendor risk management, compliance, audit, or a regulated operational risk function, with demonstrated experience executing risk assessments, due diligence reviews, issue tracking, and control validation. At a financial institution is a plus.

A Third Party Risk Management certification is highly desirable, such as CTPRA, CRISC, CISA, or CRVPM.

Preferred: Experience assessing AI/GenAI-enabled third parties (e.g., data usage, monitoring/logging, and model change management), applying data analysis for risk metrics and trend reporting, and leveraging automation/low-code tools to improve workflow efficiency while maintaining audit-ready documentation.

Working Conditions & Physical Requirements

Office

BOK Financial Corporation Group is a stable and financially strong organization that provides excellent training and development to support building the long term careers of employees. With passion, skill and partnership you can make an impact on the success of the bank, customers and your own career!

Apply today and take the first step towards your next career opportunity!

The companies in BOK Financial Corporation Group are equal opportunity employers. We are committed to providing equal employment opportunities for training, compensation, transfer, promotion and other aspects of employment for all qualified applicants and employees without regard to sex, race, color, religion, national origin, age, disability, pregnancy status, sexual orientation, genetic information or veteran status.

Please contact recruiting_coordinators@bokf.com with any questions.