It's preferred that the candidate has EPIC Security experience.
Knowledge of Imprivata is a plus.
Must be an Active Directory expert.
They will have a team of about 12 people, so we are looking for someone with previous management experience.
They will be fully onsite for the first 6 months to get onboarded.
Job Summary:
Services the organization, patients, and employees by ensuring timely and accurate provisioning utilizing role-based access controls and least privilege access principles. Provide leadership and guidance for the Identity and Access team, including all provisioning and system access-related processes. Lead the Identity and Access team and provide support and engagement with 1:1s, lead staff meetings, and develop staff. Implement continual process improvement and innovation in processes, policies, and governance enabling the team to provide secure service delivery in a timely and accurate manner. Management, oversight and ownership of the comprehensive identity and access platform in use by the organization. This role is responsible for creating, maintaining, automating, and improving standards in account lifecycle management. Assists in the formulation of strategic planning for both short- and long-term activities, and performing all other duties as assigned by the Director of Information Security. Well-versed with a deep understanding of Active Directory, permissions, role-based access, access provisioning, and access controls. Manage the provisioning of Epic security and work with other applications teams and managers to ensure data confidentiality, integrity, and availability.
Minimum Job Qualifications:
Educational Requirements: Bachelor's Degree in Information Systems, Information Technology Management, or related Field.
Minimum Experience: 7 years of IT security operations experience. Minimum of three years working in a complex IT Security position.
Preferred Job Qualifications
Preferred Licensure or other certifications: CISSP or CISM. May hold additional IT security certifications.
Preferred Experience: Healthcare IT security experience.
Job-Specific and Unique Knowledge, Skills, and Abilities:
Must be able to follow written technical instructions without assistance.
Minimum of three years working in a complex IT Security position.
Well organized and able to communicate effectively with end users as well as ITS staff.
Must be detail-oriented.
Knowledge of the organization's core business/mission processes.
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).
Knowledge of Personal Health Information (PHI) data security standards.
Knowledge of the organizational planning and staffing process.
Essential Tasks and Responsibilities:
Leadership and direction of the Identity & Access Management (IAM) team responsible for IT Security account provisioning and deprovisioning.
Manages provisioning teams to reduce backlogs, prioritize workloads, and intelligently automate platforms in support of a fast-paced, growing healthcare environment.
Microsoft Active Directory (AD) subject matter expert with a deep understanding of AD principles and best practices eager to optimize and improve legacy configurations.
Administer accounts, network rights, and access to systems and equipment.
Operate and maintain highly automated systems for gaining and maintaining access to target systems.
Apply and utilize authorized cyber capabilities to enable access to targeted networks.
Assess adequate access controls based on principles of least privilege and need-to-know.
Ability to work in a fast-paced environment, supporting multiple initiatives simultaneously and prioritizing work to meet and or exceed expectations.
Understanding Business requirements, processes, and best practices.
Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
Design group policies and access control lists continuously to ensure compatibility with organizational standards, business rules, and needs.
Familiar with HIPAA Security and other regulatory healthcare requirements and provides input on security policy and protocol to ensure compliance.
Review new systems for appropriate application security access controls and audit functionality.