Applications Security Analyst (Epic) III / Senior

About The Position

Requirements

• Associates degree OR equivalent education or experience
• Epic certification(s), Security strongly preferred.
• 5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility.
• Strong Epic import/export, Microsoft Excel skills and experience.
• Demonstrated expertise in RBAC/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment.
• Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation.
• Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication.

Nice To Haves

• Bachelor’s degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred.
• Additional Epic certifications.
• Strong Data Governance knowledge and experience.
• Experience implementing or partnering with IGA platforms (SailPoint IdentityIQ/IdentityNow preferred; similar tools acceptable).
• Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare.
• Microsoft Access database experience.

Responsibilities

• High-Volume ServiceNow Access Operations Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for access creation, changes, troubleshooting, terminations/offboarding, and triage. Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately.
• Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability.
• Epic Application Access & Security Leadership Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy.
• Develop and maintain standardized access patterns (RBAC roles/templates, privileged/elevated access controls) aligned to least privilege. Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions.
• Access Governance, Audit Readiness, and Risk Controls Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve. Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps.
• Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans.
• IGA / SailPoint Enablement (Application-Side SME) Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready” (clean entitlements, requestable roles, approvals, constraints, and edge-case handling).
• Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students).
• Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails.
• Mentorship & Operational Excellence Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices.
• Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement.