Logo
Pennsylvania Medicine

Cybersecurity Epic Analyst (Associate, Mid, Senior) Job at Pennsylvania Medicine

Pennsylvania Medicine, Philadelphia, PA, United States

Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.

Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?

Entity: IS-Cybersecurity
Department: Corporate Services
Location: 3535 Market Street
Hours: Hybrid, 8:30 to 5:00
(The role involves on-site presence for the first 6 months with the possibility of remote work after the introductory period is completeCybersecurity Epic Associate AnalystUnder limited supervision, this position will administer all aspects of the system security standards and profiles of the Epic system. This position will also set up and maintain Data Courier connections between their organization's multiple environments. This position will also be responsible for monitoring and auditing of security guidelines along with monitoring and auditing changes. This is a power user of the Epic system, where technical, functional, and analytical skill are required along with knowledge on how to leverage the Epic system to provide the greatest benefit to the given LG clinical and business areas. Plans and coordinates unstructured activities around system use while leading and working with cross functional teams, applications and Penn Medicine enterprise systems. The role performs system support for the installation, maintenance, and training of the Epic System. Possesses knowledge of and takes responsibility for the architecture and how the system works internally and together with other systems.
Accountabilities
  • Develops and maintains policy and procedures related to Data Courier.
  • Provides training and education relate to using Data Courier.
  • Develops and maintains policy and procedures related to role based access. Periodically reviews and validates role based access is upheld.
  • Defines and configures a Data Courier stream, the Data Courier Administrator's Menu, and other assorted tools and utilities used to maintain environments connected with the Data Courier.
  • Audits data courier user moves to production.
  • Develops and maintains consistent, secure mechanism for granting access to and removing access from Epic. Periodically reviews and validates integrity of template use for authorized users.
  • Develops and maintains the master templates from which role based access is assigned. Works closely with the Customer Access Analysts to ensure timely activation, deactivation, and revision of user access.
  • Provides oversight and accountability to the integrity of master file changes, specifically EMP. Creates or suggests new role based access templates as needed.
  • Confirms and ensures the use of only authorized network user ID's.
  • Develops the user access requirements to ensure they can be used for developing additional security access levels as part of future implementations. Performs pre and post go-live validation that appropriate role based access is assigned.
  • Organizes efforts of those involved in managing application security, ensuring that everyone on the team has a full understanding of the goal as well as the expected outcomes.
  • Develops go-live, conversion, and implementation plans that include good communications with team members and ensures effective contingencies and back out plans are in place. This includes post implementation measurement reviews to confirm benefits expected have been achieved.
  • Provides daily support of the Epic system which includes support of implementations, and system operations as follows:
  • Troubleshoots problems and develops processes for issues that are undefined, where root problem is unknown, and the entire system is affected
  • Ensures that vendor activities are monitored and documented, and works with vendors and technical staff to ensure security patches are applied in a timely manner as well as improving the system security within the application
  • Identifies potential issues between applications, recommends solutions and requests assignment of owners
  • Tracks progress and coordinates integration
  • Auditing Responsibilities include the following:
  • Reviews security access logs
  • Reviews and verifies the previous weeks audit reports
  • Reviews audit logs for suspicious failed logon attempts
  • Reviews and identifies all inappropriate occurrences of viewed of records including:
  • Break The Glass
  • Same Last Name Record View
  • Compares User Access vs. Job function.
  • Performs duties in accordance with Penn Medicine and entity values, policies, and procedures
  • Other duties as assigned to support the unit, department, entity, and health system organization
Minimum RequirementsRequired Education and Experience
  • Bachelor's Degree in Computer Science, Business Administration, Engineering, or Process Improvement (Current Internal Penn Medicine Information Services division employees may be considered with proof of active and continued enrollment in an approved Bachelor's Degree program.)
  • 1+ years of Healthcare IT experience is required.
  • 1+ years of Help Desk or IS customer support experience is preferred.
  • 1+ years of Experience with server class systems, including Windows Server, Active Directory, AD group security, group policy objects, provisioning enterprise mailboxes is preferred.
  • 1+ years of Providing daily operational support including break/fix work, customer service, review and evaluate system performance including testing of possible system upgrade is required.
  • 1+ years of Experience working on a Build team for an Epic System Installation is required.
Licenses, Registrations, and Certifications
  • Epic Security Certification is preferred.
  • Epic Data Courier Certification is preferred.
  • Any Epic application Certification is preferred.
Required Skills and Abilities
  • Knowledge of Epic provisioning including EMP and SER records
  • Skilled in time, priority and task management
  • Interpersonal skills to interact with customers and team members
  • Good communication skills to interact with team members and support personnel
  • Good leadership skills to guide and mentor the work of less experienced personnel
  • Ability to anticipate problems, resolve ambiguity and take decisive action
  • Ability to anticipate problems, resolve ambiguity and take decisive action
  • Good ability to analyze and solve complex problems using analytical and creative problem solving skills for design, creation and testing of networks
  • Ability to convey a strong presence, professional image, and deal confidently with complex technical problems
  • Willingness to travel
Cybersecurity Epic AnalystUnder limited supervision, this position will administer all aspects of the system security standards and profiles of the Epic system. This position will also set up and maintain Data Courier connections between their organization's multiple environments. This position will also be responsible for monitoring and auditing of security guidelines along with monitoring and auditing changes. This is a power user of the Epic system, where technical, functional, and analytical skill are required along with knowledge on how to leverage the Epic system to provide the greatest benefit to the given LG clinical and business areas. Plans and coordinates unstructured activities around system use while leading and working with cross functional teams, applications and Penn Medicine enterprise systems. The role performs system support for the installation, maintenance, and training of the Epic System. Possesses knowledge of and takes responsibility for the architecture and how the system works internally and together with other systems.
Accountabilities
  • Develops and maintains policy and procedures related to Data Courier.
  • Provides training and education relate to using Data Courier.
  • Develops and maintains policy and procedures related to role based access. Periodically reviews and validates role based access is upheld.
  • Defines and configures a Data Courier stream, the Data Courier Administrator's Menu, and other assorted tools and utilities used to maintain environments connected with the Data Courier.
  • Audits data courier user moves to production.
  • Develops and maintains consistent, secure mechanism for granting access to and removing access from Epic. Periodically reviews and validates integrity of template use for authorized users.
  • Develops and maintains the master templates from which role based access is assigned. Works closely with the Customer Access Analysts to ensure timely activation, deactivation, and revision of user access.
  • Provides oversight and accountability to the integrity of master file changes, specifically EMP. Creates or suggests new role based access templates as needed.
  • Confirms and ensures the use of only authorized network user ID's.
  • Develops the user access requirements to ensure they can be used for developing additional security access levels as part of future implementations. Performs pre and post go-live validation that appropriate role based access is assigned.
  • Organizes efforts of those involved in managing application security, ensuring that everyone on the team has a full understanding of the goal as well as the expected outcomes.
  • Develops go-live, conversion, and implementation plans that include good communications with team members and ensures effective contingencies and back out plans are in place. This includes post implementation measurement reviews to confirm benefits expected have been achieved.
  • Provides daily support of the Epic system which includes support of implementations, and system operations as follows:
  • Troubleshoots problems and develops processes for issues that are undefined, where root problem is unknown, and the entire system is affected
  • Ensures that vendor activities are monitored and documented, and works with vendors and technical staff to ensure security patches are applied in a timely manner as well as improving the system security within the application
  • Identifies potential issues between applications, recommends solutions and requests assignment of owners
  • Tracks progress and coordinates integration
  • Auditing Responsibilities include the following:
  • Reviews security access logs
  • Reviews and verifies the previous weeks audit reports
  • Reviews audit logs for suspicious failed logon attempts
  • Reviews and identifies all inappropriate occurrences of viewed of records including:
  • Break The Glass
  • Same Last Name Record View
  • Compares User Access vs. Job function.
Minimum RequirementsRequired Education and Experience
  • Bachelor's Degree of Computer Science, Business Administration, Engineering, or Process Improvement (Current Internal Penn Medicine Information Services division employees may be considered with proof of active and continued enrollment in an approved Bachelor's Degree program.)
  • 3+ years Healthcare IT experience is required.
  • 2+ years of Help Desk or IS customer support experience is preferred.
  • 1+ years of Experience with server class systems, including Windows Server, Active Directory, AD group security, group policy objects, provisioning enterprise mailboxes is preferred.
  • 2+ years of Providing daily operational support including break/fix work, customer service, review and evaluate system performance including testing of possible system upgrade is required.
  • 1+ years of Experience working on a Build team for an Epic System Installation is required.
Licenses, Registrations, and Certifications
  • Epic Security Certification is preferred.
  • Epic Data Courier Certification is preferred.
  • Any Epic application Certification is preferred.
Required Skills and Abilities
  • Knowledge of Epic provisioning including EMP and SER records
  • Skilled in time, priority and task management
  • Interpersonal skills to interact with customers and team members
  • Good communication skills to interact with team members and support personnel
  • Good leadership skills to guide and mentor the work of less experienced personnel
  • Ability to anticipate problems, resolve ambiguity and take decisive action
  • Ability to work independently and as part of a team
  • Good ability to analyze and solve complex problems using analytical and creative problem solving skills for design, creation and testing of networks
  • Ability to convey a strong presence, professional image, and deal confidently with complex technical problems
  • Willingness to travel
Cybersecurity Epic Senior AnalystUnder very limited supervision, this position will administer all aspects of the system security standards and profiles of the Epic system. This position will also set up and maintain Data Courier connections between their organization's multiple environments. This position will also be responsible for monitoring and auditing of security guidelines along with monitoring and auditing changes. This is a power user of the Epic system, where technical, functional, and analytical skill are required along with knowledge on how to leverage the Epic system to provide the greatest benefit to the given LG clinical and business areas. Plans and coordinates unstructured activities around system use while leading and working with cross functional teams, applications and Penn Medicine enterprise systems. The role performs system support for the installation, maintenance, and training of the Epic System. Possesses knowledge of and takes responsibility for the architecture and how the system works internally and together with other systems.
Accountabilities
  • Develops and maintains policy and procedures related to Data Courier.
  • Provides training and education relate to using Data Courier.
  • Develops and maintains policy and procedures related to role based access. Periodically reviews and validates role based access is upheld.
  • Defines and configures a Data Courier stream, the Data Courier Administrator's Menu, and other assorted tools and utilities used to maintain environments connected with the Data Courier.
  • Audits data courier user moves to production.
  • Develops and maintains consistent, secure mechanism for granting access to and removing access from Epic. Periodically reviews and validates integrity of template use for authorized users.
  • Develops and maintains the master templates from which role based access is assigned. Works closely with the Customer Access Analysts to ensure timely activation, deactivation, and revision of user access.
  • Provides oversight and accountability to the integrity of master file changes, specifically EMP. Creates or suggests new role based access templates as needed.
  • Confirms and ensures the use of only authorized network user ID's.
  • Develops the user access requirements to ensure they can be used for developing additional security access levels as part of future implementations. Performs pre and post go-live validation that appropriate role based access is assigned.
  • Organizes efforts of those involved in managing application security, ensuring that everyone on the team has a full understanding of the goal as well as the expected outcomes.
  • Develops go-live, conversion, and implementation plans that include good communications with team members and ensures effective contingencies and back out plans are in place. This includes post implementation measurement reviews to confirm benefits expected have been achieved.
  • Provides daily support of the Epic system which includes support of implementations, and system operations as follows:
  • Troubleshoots problems and develops processes for issues that are undefined, where root problem is unknown, and the entire system is affected
  • Ensures that vendor activities are monitored and documented, and works with vendors and technical staff to ensure security patches are applied in a timely manner as well as improving the system security within the application
  • Identifies potential issues between applications, recommends solutions and requests assignment of owners
  • Tracks progress and coordinates integration
  • Auditing Responsibilities include the following:
  • Reviews security access logs
  • Reviews and verifies the previous weeks audit reports
  • Reviews audit logs for suspicious failed logon attempts
  • Reviews and identifies all inappropriate occurrences of viewed of records including:
  • Break The Glass
  • Same Last Name Record View
  • Compares User Access vs. Job function.
  • Performs duties in accordance with Penn Medicine and entity values, policies, and procedures
  • Other duties as assigned to support the unit, department, entity, and health system organization
Minimum RequirementsRequired Education and Experience
  • Bachelor's Degree of Computer Science, Business Administration, Engineering, or Process Improvement (Current Internal Penn Medicine Information Services division employees may be considered with proof of active and continued enrollment in an approved Bachelor's Degree program.)
  • 5+ years Healthcare IT experience is required.
  • 4+ years of Help Desk or IS customer support experience is preferred.
  • 3+ years of Experience with server class systems, including Windows Server, Active Directory, AD group security, group policy objects, provisioning enterprise mailboxes is preferred.
  • 4+ years of Providing daily operational support including break/fix work, customer service, review and evaluate system performance including testing of possible system upgrade is required.
  • 3+ years of Experience working on a Build team for an Epic System Installation is required.
Licenses, Registrations, and Certifications
  • Epic Security Certification is preferred.
  • Epic Data Courier Certification is preferred.
  • Any Epic application Certification is required.
Required Skills and Abilities
  • Knowledge of Epic provisioning including EMP and SER records
  • Skilled in time, priority and task management
  • Interpersonal skills to interact with customers and team members
  • Good communication skills to interact with team members and support personnel
  • Ability to anticipate problems, resolve ambiguity and take decisive action
  • Ability to work independently and as part of a team
  • Good ability to analyze and solve complex problems using analytical and creative problem solving skills for design, creation and testing of networks
  • Ability to convey a strong presence, professional image, and deal confidently with complex technical problems
  • Willingness to travel
Because growth is essential to continuing to meet the current and future needs of patients, Penn Medicine continues to expand its capabilities.

We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.

Live Your Life's Work

We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.