The Epic security analyst is responsible for Epic account and password management, resource access policy and design, information access controls, design and implementation. Manage and maintain Epic access and SER (Provider/Scheduled Resource) database, by following security protocols, utilizing best practices and following established policies and procedures for new implementations. Responsible for performing audits and producing monthly management and exception reports, to include resolution of issues found. Collaborates directly with all Epic application teams to monitor and maintain operational configurations of Epic security configuration for efficient and appropriate operations, in accordance with company policy and all application laws, implementing adjustments as necessary.
Under general supervision, independently responsible for effectively managing application analysts assigned to security workgroups, understands Epic’s security infrastructure, and provisions security for users.
- Manage security-related coordination between Epic applications (facilitate regular meetings; develop implementation timelines and strategies relating to security).
- Provision application security levels and roles and establishes ownership of each security class.
- Own and manage Epic security build, testing, and user record creation processes.
- Maintain the Epic security documentation including the Users and Security Matrix
- Create and maintain role-based security for the Epic system and manage related activities.
- Make appropriate access decisions in conjunction with application coordinators/analyst and operations.
- Create appropriate shared security classifications with suitable menus within Epic software leading to a common look and feel across the system.
- Develop Epic user security support plan working with Epic Security Manager.
- Coordinate and implement processes for creation and updates to the Epic system security across project teams.
- Maintain and manage the Epic security project plan.
- Build, maintain, and proactively monitor security master files for data quality and integrity. Provides audit, privacy and compliance support for Epic security/access related issues
- Coordinate security template, role updates and establishes a security change control process
- Create and maintains procedures to activate, deactivate, and update user records
- Set up, monitor and maintain multiple security classes for all Epic application products
- Build/manage security classes based on the needs of the practices
- Assign appropriate user roles and profiles to the appropriate users
- Analyzes data based on the end-user requirements and information gathering
- Perform complex analysis, design, development, testing and support services for assigned applications. Develops testing scripts and participates in testing.
- Performs process improvement and security optimization tasks
- Responsible for and oversees day to day tracking and follow-up on issues and questions of daily operations within security.
- Perform routine maintenance; logging, troubleshooting, and escalating security issues as needed
- Ensure access is correct and available for users at go-live sites.
- Develops and maintains collaborative relationship with Epic training team, ITS application and support teams.
- Promotes a cooperative work environment by utilizing communication skills, interpersonal relationships and team building.
- Keep security standard up to date with the latest Epic releases, meet with all application team leads to decide on any new security updates, document decisions, configure, test and apply security changes to production
- Positions may require local travel between various locations.
- Perform other duties as assigned.
Education, Training and Experience
- Seasoned in the security domain for Identity Access Management.
- Demonstrates competence in analysis and problems solving principles with emphasis in user relations, data gathering techniques and management information applications is required.
- Understands the impact of applications on business processes; and the integration/relationships between and among organizational applications.
- Effective verbal and written communication skills are necessary to advise and consult with user personnel and make formal presentations of project findings and recommendations.
- 5 or more years in IT, with 2-3 years of identity and access management or roles-based access controls.
- Previous experience in security administration setting up security profiles and roles in Epic or other EHR application.
- Demonstrated ability to effectively work within a team of technical professionals required.
- Must have significant experience in system development concepts, algorithms, project life cycle management
- Experience with Active Directory
This applies to all levels of Applications Analyst: Bachelor’s Degree in Computer Science, Information Systems or related field. Two (2) or more years’ experience with the application, module or equivalent system as assigned Two (2) or more years’ experience working in a Health Care Application Services department, preferably within an acute care environment
Skills or Other Qualifications
- Incident Response: Demonstrates the ability to respond quickly to reports from individuals. Takes immediate action to stop an incident from continuing or recurring. Determines whether an incident should be handled locally or reported to an IT security response team. Works with the IT support staff to repair a system, restore service, and preserve evidence of the incident. Handles sensitive and other critical responses in a professional manner. Evaluates and documents investigation findings after resolving an incident.
- Excellent communication skills; customer focused; excellent attention to detail; able to prioritize tasks and meet deadlines; strong interpersonal skills; able to work in a team environment.
- Proficient with Microsoft office tools, including Word, Excel, PowerPoint and Visio
License and Certifications
Current Epic Security Certification required.