Epic Applications Security Manager

Position Title

Job Description

Purpose & Scope:

The Epic Applications Security Manager provides strategic leadership and operational oversight for all Epic-related application security functions. This role manages the team responsible for safeguarding Epic system assets, ensuring strong access governance, and maintaining a secure environment for clinical and operational workflows. The Manager directs all Epic security lifecycle activities, including access strategy, build standards, testing governance, risk evaluation, and integration with enterprise cybersecurity programs.

This position serves as the primary liaison between Epic application teams, Information Security, IT Operations, Compliance, and clinical/business departments to ensure that all Epic users have the appropriate access needed to perform their roles while maintaining strict security, privacy, and regulatory compliance. The Manager oversees issue resolution, coordinates incident response related to Epic security, evaluates emerging risks, designs mitigation strategies, and leads continuous improvement of Epic security posture and processes.

Education:

Bachelor's degree in computer engineering, computer science, or information systems management or approved equivalent combination of education and experience. Three years of additional related experience may be substituted in lieu of educational requirement.

Experience:

• Minimum five to seven years of experience in information technology or information security, including direct responsibility for application security programs.
• Prior experience supporting Epic application security is strongly preferred.
• Experience leading teams or serving as a project or technical lead in a complex healthcare environment.
• Strong understanding of operating systems, risk assessment processes, project planning/management, and business continuity.
• Experience with enterprise vulnerability scanning, code review, and secure development practices.
• Experience engaging cross-functional stakeholders and serving as the escalation point for complex security issues.
• Experience with and knowledge of UNIX operating systems desired and Microsoft operating systems required; risk and threat assessment process and practices; project planning and management; business continuity planning, documentation and evaluation
• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))

Certification/Licensure:

None.