Epic Application Security & SER Coordinator

Minimum Education

• Bachelor's Degree Bachelor's degree in Health Informatics, Information Systems, Computer Science, Cybersecurity, or a related field (Required)

Minimum Work Experience

• 3 years, Minimum three (3) years of experience in healthcare IT, with at least 3 years focused on application security (Required)
• 3 years, Experience participating in Epic security design during implementations, upgrades, or system optimization initiatives preferred (Preferred)
• 3 years, Prior involvement in security governance, policy setting, or cross-functional coordination in a hospital or academic medical center environment (Preferred)
• 3 years, Familiarity with SailPoint or enterprise IAM platforms a plus (Preferred)

Required Skills/Knowledge

• Epic Security Architecture Expertise - Strong knowledge of Epic security templates, user roles, security classes, and provider configuration; ability to manage cross-module security alignment.
• Collaboration & Governance - Proven ability to lead multidisciplinary teams, build consensus, and drive decision-making related to security structures, standards, and lifecycle processes.
• Process Orientation & Attention to Detail - Skilled in managing template versioning, documentation, change control, and validation of security structure changes across application teams.
• Communication & Stakeholder Management - Excellent communication skills with the ability to document, explain, and advocate for security standards across technical and clinical audiences.
• Awareness of Identity & Access Frameworks - Understanding enterprise IAM practices and tools (e.g., SailPoint); able to collaborate effectively on role-based access strategies and provisioning workflows.
• Training & Change Adoption - Able to lead education efforts related to Epic security standards, promote awareness, and reinforce best practices during implementation and optimization cycles.

Required Licenses and Certifications

• Epic: This position requires that the appropriate Epic certification be successfully obtained and maintained for the assigned area of responsibility within 6 weeks of completing training, if not obtained prior to hire. 90 Days (Required)

Functional Accountabilities

Epic Security Design & Standards

• Build and maintain Epic security templates, shared security classes, and application-level role structures in collaboration with analysts and business partners.
• Establish and document standards for naming conventions, template usage, ownership definitions, and cross-application alignment.

Governance & Security Workgroup Leadership

• Facilitate a multidisciplinary Epic Security Workgroup with representation from application teams, compliance, IAM, and operations.
• Set and manage timelines, decision points, and outcomes for initiatives related to Epic security structure, education, and sustainment.

Operational Security Support & Coordination

• Lead the charge on Epic security needs related to operational readiness and workflow testing, including application admin template creation, test user maintenance, shadow charting access, integrated testing, login labs, personalization labs, and role-based scenario validation.
• Collaborate with clinical, business, and application teams to ensure that temporary and non-production access is secure, appropriate, and clearly documented.

Cross-Team Collaboration

• Partner closely with the Identity & Access Management (IAM) team to align role-based access models with Epic security templates and coordinate downstream provisioning through tools like SailPoint.
• Serve as the bridge between Epic application teams and provisioning stakeholders, ensuring that design decisions reflect operational needs and compliance expectations.

Security Change Management

• Establish a repeatable, auditable process for security updates-including testing, approval, and communication plans for template changes.
• Maintain version control and history for Epic security structures and changes across environments.

Training & Awareness

• Create and maintain documentation to support Epic security structure understanding across analyst teams.
• Lead training sessions and awareness campaigns on Epic security roles, design principles, and change processes.

Security Event Facilitation

• Facilitate security-related planning and execution during major Epic events (e.g., go-lives, upgrades, audit response).
• Contribute to risk mitigation strategies related to role structure, over-permissioning, or shared access issues.