Sr Analyst, Information Security

About The Position

Requirements

• Epic Certification: Must hold a current certification as an Epic Security Coordinator.
• A minimum of 5 years of hands-on experience building, maintaining, and troubleshooting Epic User Security for both internal enterprise users and Community Connect partners.
• Deep understanding of the Epic security framework, including Chronicles, user templates, user roles, security classes, and provider/resource records (SER).
• Proven ability to analyze complex technical problems, troubleshoot security issues, and develop effective, sustainable solutions.
• Excellent verbal and written communication skills, with the ability to articulate technical concepts to both technical and non-technical stakeholders

Nice To Haves

• Bachelor's degree in information technology, Healthcare Informatics, Information Technology, Computer Science, or a related field.
• Additional Epic certifications (e.g., Bridges, Data Courier, Chronicles) are a strong plus.
• Hands-on experience with enterprise Identity and Access Management (IAM) systems and directory services such as Okta or Microsoft Active Directory (AD).
• Understanding of API, Web Services and Micros Services.
• Experience in protecting electronically protected health information (ePHI) and sensitive customer personally identifiable information.
• Experience working within a large, complex healthcare organization and its affiliates.

Responsibilities

• Design, build, provide implementation guidance and support the core Epic security infrastructure, including user roles, security classes, profiles, and provider/resource records (SER), to ensure access is granted based on the principle of least privilege for both internal and Community Connect users.
• Provide support to Information Security team members in managing technologies such as Active Directory, Okta (identity and access management), and VPN / two-factor authentication solutions.
• Support PDS Identify Governance, Administration and Automation initiatives, by helping to automate Epic related user provisioning/de-provisioning workflows.
• Develop, implement, and audit Role-Based Access Control (RBAC) models within the Epic ecosystem to ensure system access is appropriate for each user's job function across the enterprise and affiliate partners.
• Define security requirements and configure access for third-party applications and interfaces that connect to Epic, utilizing tools like Bridges and API security (FHIR) to ensure data integrity.
• Evaluate, propose, and leverage resources and solutions that are scalable and cost-effective, including in-house, on-premises, cloud, hybrid, and hosted.
• Assist in various compliance efforts, including HITRUST, HIPAA, and PCI.
• Research and apply the latest Epic security features and best practices released in new version upgrades to continuously improve the organization's security posture.
• Work collaboratively with other Epic application analysts, clinical informatics, compliance officers, and business stakeholders to translate operational needs into technical security requirements.
• Ensure appropriate visibility of critical business assets, including customer data (PHI / PII) and ensure appropriate security controls to enhance patient, customer, and user experiences while maintaining high level of customer satisfaction and data security.
• Ensure operational reliability and support of IT services delivered to our patients, customers, and users in accordance with defined SLA metrics for confidentiality, integrity, and availability from a design, architecture and integration perspective.
• Other duties and responsibilities as assigned.

Benefits

• Medical, dental, and vision insurance
• Paid time off
• Tuition Reimbursement
• 401K
• Paid time to volunteer in your local community