Sr. Identity & Access Analyst - IT Security - Full Time

About The Position

Requirements

• High school diploma required
• 5+ years of experience in Identity and Access Management, information security, or related IT roles
• 3+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes
• Experience supporting IAM in a regulated environment
• Obtain one relevant professional security certification within 6 months of hire/in role
• Obtain the Epic security certification within 6 months of hire/in role
• Advanced understanding of IAM operational processes and controls
• Strong analytical and troubleshooting skills for complex identity‑based access issues
• Ability to independently manage workload and prioritize competing requests
• Strong written and verbal communication skills for documentation, training, and stakeholder engagement
• Experience documenting standards, procedures, and control evidence
• Ability to translate business and clinical requirements into effective access controls
• Familiarity with emerging technology such as AI to support improvements to IAM services
• Requires attention to detail, independent judgment, and ability to manage multiple priorities
• Frequent interaction with IT, clinical staff, vendors, and auditors

Nice To Haves

• Bachelor’s degree in a relevant field preferred
• Experience supporting Epic EMR security and clinical access workflows
• 7+ years of experience in Identity and Access Management, information security, or related IT roles
• 5+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes
• Healthcare experience strongly preferred
• Familiarity with healthcare regulations and security frameworks (HIPAA, NYSDOH, HITRUST CSF, NIST CSF)
• Experience with scripting or automation (PowerShell or similar) to improve IAM workflows
• Relevant Professional certification such as CompTIA Security+, ISC2 SSCP, or equivalent
• Epic Security certification

Responsibilities

• Perform advanced provisioning and deprovisioning of regular, privileged, and Epic EMR user access
• Administer and support IAM platforms including Azure AD, Active Directory, PAM, MFA, SSO, and federation
• Identify, analyze, and resolve complex IAM and access workflow issues; recommend process improvements
• Support and execute account lifecycle management processes to ensure appropriate access is granted and removed
• Participate in IAM tool integrations, upgrades, testing, and operational enhancements
• Adoption and utilization of AI to increase operational efficiencies
• Participate in periodic user access reviews and entitlement certifications across the organization
• Support audits, regulatory reviews, and risk assessments by gathering and validating IAM control evidence
• Ensure IAM controls operate effectively to support HIPAA Security and Privacy Rule compliance
• Assist with documenting IAM control gaps, risks, and remediation recommendations
• Support efforts to acquire and sustain HITRUST CSF certification
• Develop and maintain IAM playbooks, procedures, and standards documentation
• Establish and track operational IAM metrics and reporting for management
• Partner with IT, clinical, and business stakeholders to align access controls with workflows
• Provide guidance and informal mentoring to IAM Analysts and junior team members
• Participate in project work to ensure IAM requirements are addressed in system designs and operating procedures