IAM CareConnect (EPIC) Security Analyst

We are more than a health system. We are a belief system. We believe wellness and sickness are both part of a lifelong partnership, and that everyone could use an expert guide. We work hard, care deeply and reach further to help people uncover their own power to be healthy. We inspire hope. We learn, grow, and achieve more – in our careers and in our communities.

Job Description Summary:

Reports to the Identity and Access CareConnect Manager and will have no direct reports. The Identity and Access Management Analyst will be responsible for daily operational security administration and access control support to the OhioHealth Identity and Access Management (IAM) program. The Identity and Access Management Analyst supports security access control initiatives throughout the enterprise.

The Identity and Access Management Analyst acts as a resource for OhioHealth departments and business units on technical and/or operational security matters. The Identity and Access Management Analyst participates in the planning, development, and deployment of IAM access control standards and processes into production. The Identity and Access Management Analyst will develop supporting documentation for IAM procedures and processes. They will also evaluate and refine existing documentation. The Identity and Access Management Analyst analyzes user access needs, develop access roles and add/change/delete user access accordingly, through provisioning tool(s) or directly in system/application. The role will assist in special projects, such as application go-lives, upgrades, enhancements, and on-call responsibilities, etc. as needed.

Minimum Qualifications:

Bachelor's Degree: Computer and Information Science (Required)

• Degree or work experience above the minimum qualifications
• Field of Study: Computer Science, Business Administration/Management, Information Services, or equivalent combo educ & experience

• Years of experience: 2 yrs. in Information Security or EPIC Administration

SPECIALIZED KNOWLEDGE

• Experience administering and building new security roles, classes and/or rules within an IAM tool and/or appropriate system(s) or application(s) based on customer needs and compliance approval; maintain documentation accordingly.
• Participated in implementation and coordinate with Application teams to ensure proper build of records/systems/applications.
• Participate in upgrade implementations and coordinate as needed between Application teams.
• User provisioning and maintenance in EPIC through bulk upload or individual account updates.
• Ability to adapt quickly to our dynamic corporate security environment. Tasks will vary depending on the nature and content of the security issue at hand and may change rapidly.
• A flexible mindset and the ability to quickly adapt to change is required.
• Must possess strong critical thinking, communication, troubleshooting and systems analysis skills.
• Ability to pull reports on user accounts and monitor access provisioned for accuracy.

DESIRED ATTRIBUTES

• Experience managing and maintaining user accounts in EPIC.
• EPIC status current for Security Administration or willing to obtain within 12 months.

INFORMATION SECURITY

Maintains confidentiality of log-on password(s) and security of other authentication devices (e.g., key fobs, proximity devices, etc.).

Ensures privacy and security of information entrusted to their care.
Uses company business assets and information resources for management-approved purposes only.

Adheres to all information privacy and security policies, procedures, standards, and guidelines.
Promptly reports information security incidents to the OhioHealth Information Security Officer.

RESPONSIBILITIES AND DUTIES

15%

• Security Administration Perform daily systems security administration functions, including managing customer access requests; create, modify and/or delete customer profiles and accounts; reset passwords; and maintain appropriate documentation.

15%

• Build Roles Administer and build new security roles, classes and / or rules for IAM tool and / or appropriate systems or applications based on customer needs and compliance approval; maintain documentation accordingly.

15%

• Log Analysis Analyze and integrate access controls-specific log information, including operating system-level access logs. Perform event correlation as required. Interpret and present audit findings into clear, concise reports for EIS management.

10%

• Issue Resolution Facilitate the identification and resolution of IAM security issues or questions by involving identified OhioHealth associates and other stakeholders; escalate when appropriate.

10%

• Control Reviews Coordinate regular reviews of the IAM systems to identify real and/or potential security and/or access weaknesses. Based on findings, develop fixes / mitigations which meet enterprise and customer needs cost effectively and support our mission and patient care standards.

10%

• Process Maintenance Maintain process / application files in the various IAM computer systems to ensure maximum system performance and integrity.

10%

• Security Assessment and Mitigation Receive, research, and interpret identity proofing and / or security access threat warnings from internal tools, external activities, and outside sources/colleagues. Coordinate regular reviews of the IAM systems to identify real and/or potential security and/or access weaknesses. Based on findings, develop fixes / mitigations which meet enterprise and customer needs cost effectively and support our mission and patient care standards.

5%

• Business Analysis Working with Management, other IAM team members and business / clinical customers, define appropriate role-based access by job / professional responsibility and maintain on-going access matrix to support our corporate mission and patient care.

5%

• Be Subject Matter Expert Represent the IAM team in meetings and be able to identify issues as they relate to IAM and general Information Security. Serve as a Subject Matter Expert concerning IAM incident resolution and assist IAM team members in resolving tickets.

5%

• Lead Efforts Be able to lead initiatives, meetings, and document follow-ups. Create Status reports on projects, identify risks and issues, and document mitigation plans. The major duties/ responsibilities and listed above are not intended to be all-inclusive of the duties, responsibilities and to be performed by associates in this job. Associate is expected to all perform other duties as requested by supervisor.

Work Shift:

Day

Scheduled Weekly Hours :

40

Department

Information Security

Join us!
... if your passion is to work in a caring environment
... if you believe that learning is a life-long process
... if you strive for excellence and want to be among the best in the healthcare industry

Equal Employment Opportunity

OhioHealth is an equal opportunity employer and fully supports and maintains compliance with all state, federal, and local regulations. OhioHealth does not discriminate against associates or applicants because of race, color, genetic information, religion, sex, sexual orientation, gender identity or expression, age, ancestry, national origin, veteran status, military status, pregnancy, disability, marital status, familial status, or other characteristics protected by law. Equal employment is extended to all person in all aspects of the associate-employer relationship including recruitment, hiring, training, promotion, transfer, compensation, discipline, reduction in staff, termination, assignment of benefits, and any other term or condition of employment

Remote Work Disclaimer:

Positions marked as remote are only eligible for work from Ohio .