Security Analyst II

Job TypeFull-timeDescriptionThis role is onsite in our St. Cloud office.WHY NORTH RISK PARTNERSAre you interested in doing work that matters everyday with an organization intentional about building and living out a values-driven team culture? North Risk Partners is a fast-growing firm dedicated to serving the insurance and risk management needs of businesses and individuals. We provide expertise in Commercial Lines, Employee & Individual Benefits, Personal Lines, Surety, Claims, and Risk Management. Our team consists of over 450 employees working in over 30 locations across five states, including Minnesota, Iowa, North Dakota, South Dakota, and Nebraska.At North Risk Partners, our #oneTEAM lives out #oneMISSION: to provide extraordinary #service to our clients, to each other, and to our communities while living out our core values each day. Our team environments are designed to provide #oneTEAM members opportunity to focus on collaborative relationships (clients and team), variety from day-to-day, constant learning, and the tools and resources to learn and grow at work and in life.Job SummaryThe Security Analyst II plays a key role in operating, improving, and maturing North Risk’s security program. This role focuses on detection, investigation, vulnerability management, access governance, endpoint and email security, and compliance support aligned to NIST CSF 2.0, NY DFS, and HIPAA requirements. The Security Analyst II serves as a hands-on, technical contributor responsible for daily security operations, incident support, control engineering, and continuous improvement of security tooling, policies, and standards. This role reports to the Director of Infrastructure & Security and offers growth opportunities as the security program matures.Essential ResponsibilitesDetection, Investigation, and ResponsePerform security alert triage across endpoint, email, identity, and cloud security platformsInvestigate suspicious activity, validate threats, and support containment and remediationTune detection logic and alerting rules to reduce false positives and improve signal qualityDocument investigations, findings, and outcomes with clear, auditable notesProvide Tier 1-2 incident response support, including evidence collection and timeline developmentTriage and classify reported phishing emails using automated and manual analysis tools; communicate findings to end usersAccess GovernanceConduct regular user and privileged access reviews to support least privilege principlesIdentify and remediate access risks across Entra ID, groups, and role assignments Partner with identity and infrastructure teams on access governance improvementsSupport Conditional Access policy review, testing, and troubleshooting in coordination with identity and infrastructure teamsTooling and Endpoint SecurityAdminister and support Microsoft Defender, Intune, email security, and related toolsValidate endpoint compliance, protection coverage, and configuration alignment Support tool configuration changes following change control practices Vulnerability and ComplianceDefine KPIs & success metrics (e.g., model accuracy, adoption, cycle time, business impact, risk/incident rate)Oversee observability: data drift, model decay, cost tracking, usage analytics, and incident response processesManage budgets, vendor relationships, and licensing for AI platforms and toolsSecurity Engineering and ImprovementImprove technical security controls across identity, endpoint, and email systemsDevelop and maintain security hardening standards and baseline configurations Partner with infrastructure, network, and cloud teams on secure design initiativesIdentify gaps, recommended enhancements, and help drive security maturity Develop and maintain scripts and automations to improve efficiency of security operations tasksSupport security assessments and integration activities for acquired agencies, including access provisioning, endpoint onboarding, and baseline validation RequirementsQUALIFICATIONS (Knowledge, Skills, & Abilities)A combination of education and experience generally attained through an associate’s degree (in Information Technology, Cybersecurity, Networking, or related field strongly preferred), and a minimum of 5 years of progressive experience in cybersecurity, security operations, or related IT security roles Strong understanding of security fundamentals including: Detection response, least privilege and access governance, endpoint and email security, vulnerability management, and incident response principles Hands-on experience with Microsoft security technologies (Defender, Intune, Entra ID) or equivalent enterprise platformsExperience working in ticketing systems (e.g., ServiceNow) with strong documentationAbility to analyze technical data, investigate security events, and communicate findings clearlyExperience supporting compliance or audit requirements in regulated environments Experience with detection tuning, alert optimization, or SIEM adjacent workflows, including email security and phishing response platforms Familiarity with insurance, financial services, or other regulated industriesAbility to communicate technical findings to both technical and non-technical audiences, including written summaries for leadership Experience with PowerShell or other scripting languages for tasks automation is preferredFamiliarity with NIST Cybersecurity Framework (CSF) 2.0 or similar security frameworksCertifications such as Security+, CySA+, SSCP, or equivalent is preferred, but not requiredExperience contributing to security architecture or control design decisions is preferred, but not required BEHAVIOR EXPECTATIONSA role model for North Risk Partners’ core values, mission, and desired cultureDemonstrate enthusiasm and a positive attitudeProfessionally and positively represent North Risk Partners to all coworkers, clients, and external stakeholdersA team player who collaborates and works well with his/her coworkersA professional who demonstrates the ability to carry on a conversation with clients, Risk Advisors, and other coworkers within North Risk PartnersPhysical RequirementsPerform under normal office conditions; may include lifting/carrying objects weighing up to 25 poundsTwist, bend, stoop, kneel, squat, stand, walk, and reach frequentlyHear, speak, and effectively verbally communicate in the English language, including following oral and written instructions to communicate with people inside and outside of the organizationSit and a desk for extended periods of time and perform long hours of work sitting at a computerMove around office/building/facilities repeatedly throughout the dayApply manual dexterity, visual acuity and ability, for computer keyboarding, office equipment uses, review of detailed reports, information, fine print, and warning labelsMust possess valid driver’s license and be able to travel to different North Risk Partners locations for meetings, as well as various locations throughout the state and potentially the region for client meetingsAble to work a flexible work schedule, including overtime and potential evenings/weekends for events and meetings as neededTOOLS AND EQUIPMENT USED Incumbents must be able to use telephones, calculators, copy machines, computers, printers, and other office equipmentWORK ENVIRONMENTThe work environment is primarily indoors. Exposure to a variety of weather conditions during work related travel and events held outside of the workplace will occur and I acknowledge that I have read, understood, and agree with the contents of this position description. I agree to use my best efforts to fulfill all expectations of the position. I also acknowledge that I am an at-will employee.This job description does not necessarily list all the job functions or accountabilities of the job. Employees may be asked by management to perform additional duties and tasks. Management reserves the right to revise and update job descriptions at any time.Compensation And BenefitsThe estimated salary range for this full-time position is $78,000 - $90,000 annually, plus benefits. The salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, and training. The hiring range represents the company’s good faith and reasonable estimate of the range of possible compensation at the time of posting.We offer a comprehensive benefits package, including health, dental, vision, short-term and long-term disability, life, long-term care, 401(k) plan, and more. North Risk Partners is growing which means your career can too. #oneTEAM members receive continuing professional education and development, volunteer time off, paid time off, and paid holidays.