GRC Analyst I

Position Summary

The Governance, Risk, and Compliance Analyst I is an opportunity to be part of the shift from traditional, audit‑driven compliance to a more proactive, risk‑informed way of working. In this role, you’ll partner with teams across VGM to support governance, identify and track risk early, and help ensure we meet our regulatory and accreditation obligations—so work can move forward with clarity, consistency, and fewer surprises.This position is designed for individuals eager to build foundational experience in GRC across a variety of business units and regulatory environments. The Analyst will assist in maintaining internal controls, supporting risk assessments, and promoting compliance with applicable laws, standards, and ethical practices. This role is collaborative, cross-functional, and essential to fostering a culture of integrity and accountability across the enterprise.

Key Responsibilities

• Provide governance oversight for emerging technologies, including Artificial Intelligence (AI), ensuring adherence to organizational policies and ethical standards.
• Assist in the development, review, and maintenance of internal policies and procedures.
• Support governance committees and working groups by preparing materials and documenting outcomes.
• Help ensure organizational policies remain current and aligned with business objectives and ethical standards.
• Contribute to initiatives around emerging governance topics, such as AI ethics or data governance.
• Participate in enterprise risk assessments and help maintain the organization’s risk register
• Support third-party risk management activities, including vendor due diligence and monitoring.
• Track remediation efforts related to identified risks or audit findings.
• Collaborate with business units to identify and mitigate operational and strategic risks.
• Monitor changes in laws, regulations, and standards that may impact the organization.
• Assist in preparing for internal and external audits by collecting evidence and maintaining documentation.
• Help ensure compliance with applicable regulatory requirements across departments.
• Contribute to the development and delivery of compliance training and awareness programs.
• Work with teams across IT, HC, Finance, and Operations to support initiatives.
• Serve as a liaison for routing compliance questions or concerns to appropriate channels.
• Promote a culture of transparency and ethical behavior through communication and engagement.
• Support privacy and data protection efforts, including documentation and response coordination.
• Assist in incident response planning and reporting in collaboration with the security team.

 Key Qualifications

• Bachelor’s degree in business, Information Systems, Risk Management, or a related field preferred.
• 0-2+ years of experience in governance, risk management, compliance, or internal audit.
• Familiarity with GRC frameworks or standards (e.g., SOC 1/2, HIPAA, GDPR, PCI-DSS, ISO 27001, NIST, etc.) is a plus.
• Strong analytical and critical thinking skills.
• Excellent written and verbal communication abilities.
• Ability to manage multiple tasks and adapt to changing priorities.
• High level of integrity, confidentiality, and attention to detail.
• Collaborative mindset and willingness to learn.
• Proficiency in Microsoft Excel and PowerPoint.
• Experience with GRC platforms or tools is a plus.

Physical Requirements

• Ability to work at a desk, use office equipment, and participate in virtual or in-person meetings.

This job description reflects the general duties of the job but is not a detailed description of all duties which may be inherent to the position. Reasonably related additional duties may be assigned to the individual Associate.

VGM Group, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, pregnancy, national origin, disability, genetic information, military or veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.