Epic Applications Security Manager

About The Position

Requirements

• Bachelor's degree in computer engineering, computer science, or information systems management or approved equivalent combination of education and experience. Three years of additional related experience may be substituted in lieu of educational requirement.
• Minimum five to seven years of experience in information technology or information security, including direct responsibility for application security programs.
• Experience leading teams or serving as a project or technical lead in a complex healthcare environment.
• Strong understanding of operating systems, risk assessment processes, project planning/management, and business continuity.
• Experience with enterprise vulnerability scanning, code review, and secure development practices.
• Experience engaging cross-functional stakeholders and serving as the escalation point for complex security issues.
• Experience with and knowledge of UNIX operating systems desired and Microsoft operating systems required; risk and threat assessment process and practices; project planning and management; business continuity planning, documentation and evaluation
• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))

Nice To Haves

• Prior experience supporting Epic application security is strongly preferred.

Responsibilities

• Strategic leadership and operational oversight for all Epic-related application security functions.
• Manages the team responsible for safeguarding Epic system assets, ensuring strong access governance.
• Maintains a secure environment for clinical and operational workflows.
• Directs all Epic security lifecycle activities, including access strategy, build standards, testing governance, risk evaluation, and integration with enterprise cybersecurity programs.
• Serves as the primary liaison between Epic application teams, Information Security, IT Operations, Compliance, and clinical/business departments.
• Ensures that all Epic users have the appropriate access needed to perform their roles while maintaining strict security, privacy, and regulatory compliance.
• Oversees issue resolution, coordinates incident response related to Epic security.
• Evaluates emerging risks, designs mitigation strategies, and leads continuous improvement of Epic security posture and processes.