Note: The job is a remote job and is open to candidates in USA. Boston Medical Center (BMC) is seeking an Epic Security Analyst II to enhance the security and access management of Epic applications in a high-volume hospital environment. The role involves executing access provisioning and deprovisioning, collaborating with various teams to ensure scalable automation, and maintaining access governance and audit readiness.
Responsibilities
- Own and execute work in a ServiceNow queue, consistently handling consistent high-volume tickets for joiner/mover/leaver access changes, troubleshooting, and triage
- Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately
- Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability
- Serve as an escalation point for assigned Epic access design/build and access issues; ensure access is scalable, supportable, and aligned to policy
- Collaborate to assist in development and maintenance standardized access patterns with Attribute Based Access Control (ABAC)/templates, privileged/elevated access controls) aligned to least privilege
- Partner with Epic application teams, operational leaders, and source data stewards to translate workflows into durable access models and reduce one-off exceptions
- Assist in maintaining an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve
- Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps
- Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans
- Sit inside Cybersecurity under the CISO organization with meaningful influence on enterprise access strategy
- Help shape the application authorization layer that makes IGA automation successful (Epic first; potential for broader application portfolio later)
- Have real scale: high operational volume, high-impact clinical workflows, and a multi-year IAM/IGA automation program modernizing access lifecycle controls
Skills
- Associate's degree (accredited institution)
- Epic certification(s), Security strongly preferred
- 2+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility
- Epic import/export, Microsoft Excel skills and experience
- Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation
- Strong cross-functional collaboration skills and clear written communication
- Bachelor's degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred
- Additional Epic certifications
- Data Governance knowledge and experience
- Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable)
- Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare
Benefits
- Benefits (medical, dental, vision, pharmacy)
- Discretionary annual bonuses and merit increases
- Flexible Spending Accounts
- 403(b) savings matches
- Paid time off
- Career advancement opportunities
- Resources to support employee and family well-being
Company Overview
Company H1B Sponsorship