Applications Security Analyst (Epic) III / Senior
POSITION SUMMARY: The Senior Application Security Analyst professional will lead the day-to-day execution and continuous improvement of Epic application access in a high-volume hospital environment. This role blends operational excellence (hundreds of access tickets weekly) with senior-level ownership of access models, governance, and audit readiness. This role will also be a key application-side partner in our IAM/IGA automation program—helping define the Epic roles/entitlements, approvals, and access review structures that enable scalable onboarding and offboarding automation. Over the next 12–24 months, this team’s scope is expected to broaden from Epic-focused access to enterprise application access governance across the organization. Position: Applications Security Analyst (Epic) III / Senior        Department: Information Security Schedule: Full Time ESSENTIAL RESPONSIBILITIES / DUTIES: High-Volume ServiceNow Access Operations • Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage. • Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately. • Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability. Epic Application Access & Security Leadership • Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy. • Develop and maintain standardized access patterns Attribute Based Access Control (ABAC)/templates, privileged/elevated access controls) aligned to least privilege. • Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions. Access Governance, Audit Readiness, and Risk Controls • Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve. • Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps. • Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans. IAM/IGA Automation Enablement (Application-Side SME) • Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready†(clean entitlements, requestable roles, approvals, constraints, and edge-case handling). • Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students). • Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails. Mentorship & Operational Excellence • Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices. • Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement. JOB REQUIREMENTS • Associates degree OR equivalent education or experience • Epic certification(s), Security strongly preferred. • 5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility. • Strong Epic import/export, Microsoft Excel skills and experience. • Demonstrated expertise in Attribute Based Access Control (ABAC)/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment. • Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation. • Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication. Preferred • Bachelor’s degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred. • Additional Epic certifications. • Strong Data Governance knowledge and experience. • Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable). • Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare. • Microsoft Access database experience. This Role Will • Sit inside Cybersecurity under the CISO organization with meaningful influence on enterprise access strategy. • Help shape the application authorization layer that makes IGA automation successful (Epic first; broader application portfolio next). • Have real s
Apply tot his job
Apply To this Job