GRC Analyst
Listed on 2026-03-09
IT/Tech: Information Security, Data Security, Cybersecurity, IT Business Analyst
Business
Headquartered in Waterloo, Iowa, VGM is a 100% employee-owned company providing business and professional services to thousands of business customers across North America. Services include group purchasing, commercial insurance, management of healthcare services and networks in post-acute cases, healthcare distribution direct to patient homes, specialty consulting, online education, digital, print, and traditional marketing and more. VGM employs approximately 1,700 people across 40 states and Canada, with more than 1,100 working in Iowa.
VGM has been named the Top Workplace in Iowa on multiple occasions and is proud of its role in the communities in which it serves. For more information visit
Position Summary
The Governance, Risk, and Compliance Analyst I is an opportunity to be part of the shift from traditional, audit‑driven compliance to a more proactive, risk‑informed way of working. In this role, you’ll partner with teams across VGM to support governance, identify and track risk early, and help ensure we meet our regulatory and accreditation obligations—so work can move forward with clarity, consistency, and fewer surprises.
This position is designed for individuals eager to build foundational experience in GRC across a variety of business units and regulatory environments. The Analyst will assist in maintaining internal controls, supporting risk assessments, and promoting compliance with applicable laws, standards, and ethical practices. This role is collaborative, cross-functional, and essential to fostering a culture of integrity and accountability across the enterprise.
Reporting Accountability: Director of Risk Management
Working Location: Waterloo, IA (Hybrid or Remote options available)
Work Hours Classification: Full-time, Monday-Friday with additional off hours as required by business need.
Key Responsibilities
- Provide governance oversight for emerging technologies, including Artificial Intelligence (AI), ensuring adherence to organizational policies and ethical standards.
- Assist in the development, review, and maintenance of internal policies and procedures.
- Support governance committees and working groups by preparing materials and documenting outcomes.
- Help ensure organizational policies remain current and aligned with business objectives and ethical standards.
- Contribute to initiatives around emerging governance topics, such as AI ethics or data governance.
- Participate in enterprise risk assessments and help maintain the organization’s risk register.
- Support third-party risk management activities, including vendor due diligence and monitoring.
- Track remediation efforts related to identified risks or audit findings.
- Collaborate with business units to identify and mitigate operational and strategic risks.
- Monitor changes in laws, regulations, and standards that may impact the organization.
- Assist in preparing for internal and external audits by collecting evidence and maintaining documentation.
- Help ensure compliance with applicable regulatory requirements across departments.
- Contribute to the development and delivery of compliance training and awareness programs.
- Work with teams across IT, HC, Finance, and Operations to support initiatives.
- Serve as a liaison for routing compliance questions or concerns to appropriate channels.
- Promote a culture of transparency and ethical behavior through communication and engagement.
- Support privacy and data protection efforts, including documentation and response coordination.
- Assist in incident response planning and reporting in collaboration with the security team.
Key Qualifications
- Bachelor’s degree in Business, Information Systems, Risk Management, or a related field preferred.
- 0-2+ years of experience in governance, risk management, compliance, or internal audit.
- Familiarity with GRC frameworks or standards (e.g., SOC 1/2, HIPAA, GDPR, PCI-DSS, ISO 27001, NIST, etc.) is a plus.
- Strong analytical and critical thinking skills.
- Excellent written and verbal communication abilities.
- Ability to manage multiple tasks and adapt to changing priorities.
- High level of integrity, confidentiality, and attention to detail.
- Collaborative mindset and willingness to learn.
- Profici…