Epic Security Architect - FT - Days - IS Technical Services @ MV

El Camino Health is committed to hiring, retaining and growing the best and brightest professionals who will carry our mission and vision forward. We are proud of our reputation in the community: One built on compassion, innovation, collaboration and delivering high-quality care. Come join the team that makes this happen.

Applicants MUST apply for position(s) by submitting a separate application for each individual job posting number they are interested in being considered for.

FTE

Scheduled Bi-Weekly Hours

Work Shift

Job Description

Job Profile Summary

The Epic Security Architect acts as a subject-matter expert in Epic security design, build, and maintenance. This role ensures proper access, compliance, and operational efficiency across Epic applications and integrated systems. Demonstrates sustained application of specialized Epic security expertise, leading RBAC design and security build; implementing and monitoring audit controls and driving remediation; partnering with Identity/IAM; and supporting BCP and change related security activities, across modules and processes.

Regularly collaborates with clinical, business, and IT stakeholders to manage user access provisioning, maintain security policies, conduct audits, and support enterprise security initiatives and trains/mentors junior analysts. Serves as escalation for Epic security; and determines methods and procedures on new assignments where analysis of data requires indepth evaluation.

Job Description

Access Requirements & Security Analysis

• Design, configure, test, and maintain Epic security components (user templates, provider records/blueprints, roles, profiles).
• Partner with application/operational teams to translate access requirements into leastprivilege, Minimum Necessary, rolebased designs.
• Own the user access lifecycle (create, provision, update, inactivate), including request intake, approvals, onboarding/offboarding, and timely access removals.
• Design and maintain RBAC (security classes/templates, provider blueprints, profiles), and perform periodic role/access attestations.
• Develop security implementation plans from operational needs and act as SME/escalation for complex access scenarios.
• Evaluate new Epic features/settings and identity/MFA/SSO implications for security impact and alignment.
• Apply indepth evaluation to determine methods and procedures on new assignments (e.g., novel access models, crossmodule role harmonization).

Security Configuration, Testing & Implementation

• Lead the build/configuration of Epic security components, including login behavior and workingenvironment settings.
• Plan and execute functional, integration, and regression testing for security changes, Updates/Special Updates, and new module implementations.
• Lead change/security readiness for go lives and upgrades (including multi module implementations), coordinating cutover tasks and validating access controls through the change control process.
• Follow Epic/vendor best practices and maintain certifications aligned to Epic Honor Roll requirements.

Documentation, Compliance & Process Controls

• Create and maintain process documentation, build guides, runbooks, and technical configuration records for internal use and crossteam handoffs.
• Ensure evidence of authorization is captured and archived; enforce policies to ensure only authorized access (Minimum Necessary).
• Perform audits and risk assessments (internal/external); drive audit remediation and sustain controls (including dormant account reviews and access cleanup).
• Maintain and test business continuity processes for access/security; standardize provisioning/deprovisioning work

Operations Support, Incident Response & Mentoring

• Troubleshoot security/workflow issues; serve as escalation point; collaborate with IS, Information Security/Identity, and Epic for proactive support.
• Monitor security/access performance metrics, remediate issues, and respond afterhours/emergencies as needed.
• Train and mentor junior analysts/operational staff; promote consistent application of security practices.

Communication, Collaboration & Reporting

• Regularly partners with Information Security/Identity, project teams, operational leaders, and clinical/business IT; drives security testing/controls across modules; and provides crossteam influence and guidance.
• Communicate security designs, changes, and impacts clearly to technical and nontechnical stakeholders.
• Produce Reporting Workbench and adhoc reports to support access reviews, incident analysis, and security KPIs/dashboards.
• Continuously improve provisioning, RBAC, auditing, and reporting workflows; complete daily standard work and communications to maintain secure operations.
• Collaborate across clinical, business, and IT teams to ensure alignment and consistent application of security practices.

Qualifications

• Bachelor's Degree preferred
• 4 years of direct Epic security experience with progressive experience is required
• Minimum of 5 years of experience in information technology required
• Excellent analytical, troubleshooting, and problem-solving skills
• Key competencies:
  • Ability to analyze data and information with a detailed understanding of regulatory requirements that impact the healthcare industry, as well as security frameworks and methodologies.
  • Meticulous attention to detail
  • Good problem-solving skills
  • Ability to work comfortably under pressure and deliver on tight deadlines
  • Ability to maintain the highest standards of confidentiality, integrity, and personal accountability when working with sensitive and restricted data, including protected health information (PHI)
  • Knowledge of Epic User Security, Schedulable Epic Resource settings, and other Epic functionality as needed
  • Ability to practice a high level of integrity and honesty in maintaining confidentiality

• Working knowledge of:
  • Demonstrated success using Epic, other electronic health record management.
  • Demonstrated proficiency using analytical tools and skills.
  • Demonstrated success with the development of workflows and documentation related to Epic Security.
  • SSL/TLS/Certificates
  • Network protocols and functionality including TCP/IP, Active Directory, Domain Name Services, FTP/SCP, and HTTP/S

License/Certification/Registration Requirements

• Current Epic Security certification is required
• One or more Third Party Certifications are preferred:
• CISA, CISM, CISSP

Ages of Patients Served - N/A

Salary Range:

The Physical Requirements and Working Conditions of this job are available. El Camino Health will provide reasonable accommodations to qualified individuals with a disability if that will allow them to perform the essential functions of a job unless doing so creates an undue hardship for the hospital, or causes a direct threat to these individuals or others in the workplace which cannot be eliminated by reasonable accommodation.

An Equal Opportunity Employer:
El Camino Health seeks and values a diverse workforce. The organization is an equal opportunity employer and makes employment decisions on the basis of qualifications and competencies. El Camino Health prohibits discrimination in employment based on race, ancestry, national origin, color, sex, sexual orientation, gender identity, religion, disability, marital status, age, medical condition or any other status protected by law. In addition to state and federal law, El Camino Health also follows all applicable fair and equitable employment policies from the County of Santa Clara.