Epic Security Architect - FT - Days - IS Technical Services @ MV
Job description
The Epic Security Architect acts as a subject-matter expert in Epic security design, build, and maintenance. This role ensures proper access, compliance, and operational efficiency across Epic applications and integrated systems. Demonstrates sustained application of specialized Epic security expertise across modules and processes: leading RBAC design and security build; implementing and monitoring audit controls and driving remediation; partnering with Identity/IAM; and supporting BCP and change-related security activities.
Regularly collaborates with clinical, business, and IT stakeholders to manage user access provisioning, maintain security policies, conduct audits, and support enterprise security initiatives, and trains and mentors junior analysts. Serves as the escalation point for Epic security and determines methods and procedures on new assignments where analysis of data requires in-depth evaluation.
- Design, configure, test, and maintain Epic security components (user templates, provider records/blueprints, roles, profiles).
- Partner with application/operational teams to translate access requirements into least-privilege, Minimum Necessary, role-based designs.
- Own the user access lifecycle (create, provision, update, inactivate), including request intake, approvals, onboarding/offboarding, and timely access removals.
- Design and maintain RBAC (security classes/templates, provider blueprints, profiles), and perform periodic role/access attestations.
- Develop security implementation plans from operational needs and act as SME/escalation for complex access scenarios.
- Evaluate new Epic features/settings and identity/MFA/SSO implications for security impact and alignment.
- Apply in-depth evaluation to determine methods and procedures on new assignments (e.g., novel access models, cross-module role harmonization).
Security Configuration, Testing & Implementation
- Lead the build/configuration of Epic security components, including login behavior and working-environment settings.
- Plan and execute functional, integration, and regression testing for security changes, Updates/Special Updates, and new module implementations.
- Lead change/security readiness for go-lives and upgrades (including multi-module implementations), coordinating cutover tasks and validating access controls through the change control process.
- Follow Epic/vendor best practices and maintain certifications aligned to Epic Honor Roll requirements.
Documentation, Compliance & Process Controls
- Create and maintain process documentation, build guides, runbooks, and technical configuration records for internal use and cross-team handoffs.
- Ensure evidence of authorization is captured and archived; enforce policies to ensure only authorized access (Minimum Necessary).
- Perform audits and risk assessments (internal/external); drive audit remediation and sustain controls (including dormant account reviews and access cleanup).
- Maintain and test business continuity processes for access/security; standardize provisioning/deprovisioning work
Operations Support, Incident Response & Mentoring
- Troubleshoot security/workflow issues; serve as escalation point; collaborate with IS, Information Security/Identity, and Epic for proactive support.
- Monitor security/access performance metrics, remediate issues, and respond after-hours/emergencies as needed.
- Train and mentor junior analysts/operational staff; promote consistent application of security practices.
Communication, Collaboration & Reporting
- Regularly partners with Information Security/Identity, project teams, operational leaders, and clinical/business IT; drives security testing/controls across modules; and provides cross-team influence and guidance.
- Communicate security designs, changes, and impacts clearly to technical and non-technical stakeholders.
- Produce Reporting Workbench and ad-hoc reports to support access reviews, incident analysis, and security KPIs/dashboards.
- Continuously improve provisioning, RBAC, auditing, and reporting workflows; complete daily standard work and communications to maintain secure operations.
- Collaborate across clinical, business, and IT teams to ensure alignment and consistent application of security practices.
Physical Requirements (United States of America)
Sedentary Work - Duties performed mostly while sitting; walking and standing at times. Occasionally lift or carry up to 10 lbs. Uses hands and fingers.
Requirements
- Bachelor's Degree preferred
- 4 years of direct Epic security experience with progressive experience is required
- Minimum of 5 years of experience in information technology required
- Excellent analytical, troubleshooting, and problem-solving skills
- Key competencies:
- Ability to analyze data and information with a detailed understanding of regulatory requirements that impact the healthcare industry, as well as security frameworks and methodologies.
- Meticulous attention to detail
- Good problem-solving skills
- Ability to work comfortably under pressure and deliver on tight deadlines
- Ability to maintain the highest standards of confidentiality, integrity, and personal accountability when working with sensitive and restricted data, including protected health information (PHI)
- Knowledge of Epic User Security, Schedulable Epic Resource settings, and other Epic functionality as needed
- Ability to practice a high level of integrity and honesty in maintaining confidentiality
- Working knowledge of:
- Demonstrated success using Epic, other electronic health record management.
- Demonstrated proficiency using analytical tools and skills.
- Demonstrated success with the development of workflows and documentation related to Epic Security.
- SSL/TLS/Certificates
- Network protocols and functionality including TCP/IP, Active Directory, Domain Name Services, FTP/SCP, and HTTP/S
License/Certification/Registration Requirements
- Current Epic Security certification is required
- One or more Third Party Certifications are preferred:
- CISA, CISM, CISSP