Applications Security Analyst (Epic) III / Senior

POSITION SUMMARY: The Senior Application Security Analyst professional will lead the day-to-day execution and continuous improvement of Epic application access in a high-volume hospital environment. This role blends operational excellence (hundreds of access tickets weekly) with senior-level ownership of access models, governance, and audit readiness. This role will also be a key application-side partner in our IAM/IGA automation program—helping define the Epic roles/entitlements, approvals, and access review structures that enable scalable onboarding and offboarding automation. Over the next 12–24 months, this team’s scope is expected to broaden from Epic-focused access to enterprise application access governance across the organization. Position: Applications Security Analyst (Epic) III / Senior        Department: Information Security Schedule: Full Time ESSENTIAL RESPONSIBILITIES / DUTIES: High-Volume ServiceNow Access Operations

• Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage.
• Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately.
• Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability. Epic Application Access & Security Leadership
• Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy.
• Develop and maintain standardized access patterns Attribute Based Access Control (ABAC)/templates, privileged/elevated access controls) aligned to least privilege.
• Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions. Access Governance, Audit Readiness, and Risk Controls
• Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve.
• Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps.
• Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans. IAM/IGA Automation Enablement (Application-Side SME)
• Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready†(clean entitlements, requestable roles, approvals, constraints, and edge-case handling).
• Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students).
• Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails. Mentorship & Operational Excellence
• Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices.
• Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement. JOB REQUIREMENTS
• Associates degree OR equivalent education or experience
• Epic certification(s), Security strongly preferred.
• 5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility.
• Strong Epic import/export, Microsoft Excel skills and experience.
• Demonstrated expertise in Attribute Based Access Control (ABAC)/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment.
• Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation.
• Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication. Preferred
• Bachelor’s degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred.
• Additional Epic certifications.
• Strong Data Governance knowledge and experience.
• Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable).
• Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare.
• Microsoft Access database experience. This Role Will
• Sit inside Cybersecurity under the CISO organization with meaningful influence on enterprise access strategy.
• Help shape the application authorization layer that makes IGA automation successful (Epic first; broader application portfolio next).
• Have real s

Apply tot his job Apply To this Job