• Implements and maintains EpicCare systems and databases to ensure optimum performance. Performs analysis of new releases and determines how they will impact workflow. • Defines modifications to application software or databases to address system functions or enhancements. • Facilitates Epic updates, new releases and system enhancements. Manages all phases of testing and assists Lead/Project Manager in work effort and project scoping. • Manages complex IT projects/products in order to provide automated solutions that meet Inova Health System's business needs using the EpicCare solution. • Initiates issues for resolution while escalating and communicating status to management in a timely manner. • Conducts and participates in system technical and application reviews to determine feasibility, cost and evaluate usefulness for Inova. Coordinates vendor demos, site visits and reference calls. • Makes recommendations for team/analyst training programs and assists in the development and implementation of team member training/mentoring activities.

• Manage and execute the company’s information security program, including policies, procedures, controls, security standards, risk assessments, remediation tracking, and ongoing security improvements. • Perform day-to-day security activities, including monitoring security tools, reviewing alerts, investigating suspicious activity, coordinating remediation, managing vulnerabilities, and improving detective and preventive controls. • Assess, implement, and maintain security controls across enterprise systems, including infrastructure, endpoints, identity platforms, cloud environments, field service applications, mobile devices, and the Microsoft Azure and Microsoft 365 ecosystems. • Maintain and execute the company’s incident response process. Investigate security events, coordinate containment and remediation efforts, document incidents, and work with internal teams and external partners as needed. • Identify and address cybersecurity risks related to field service scheduling systems, mobile device usage, remote workforce access, geographically dispersed operations, and field technician workflows. • Perform or coordinate vulnerability assessments, risk reviews, security control evaluations, and remediation efforts. Prioritize findings based on business impact, likelihood, and operational risk. • Support and improve identity and access management practices, including user access reviews, privileged access controls, multi-factor authentication, conditional access, endpoint security, and device compliance. • Configure, monitor, and improve security across Microsoft Azure and Microsoft 365 environments, including Entra ID, Defender, Purview, Exchange Online, SharePoint, Teams, Intune, and related security capabilities. • Support disaster recovery and business continuity planning from a cybersecurity perspective. Assist with backup protection, recovery testing, ransomware readiness, and resilience planning. • Maintain security documentation, policies, procedures, standards, risk registers, audit evidence, and compliance-related materials. Help ensure alignment with applicable cybersecurity best practices and business requirements. • Promote a practical security awareness culture across the organization, including field technicians, office staff, operations teams, and business users. Support phishing simulations, user education, and security communications. • Assist with security reviews of vendors, service providers, software platforms, and third-party integrations. Track risks and coordinate follow-up remediation where needed. • Work closely with infrastructure, applications, service desk, operations, and business stakeholders to identify security needs, resolve issues, and implement practical security improvements.

• Serve as the enterprise cybersecurity lead responsible for cybersecurity operations and risk management across infrastructure, endpoints, identity, cloud, applications, data, and third-party environments. • Partner closely with Infrastructure & Operations to strengthen endpoint security, vulnerability management, patching, identity and access management, logging, monitoring, and incident detection and response capabilities. • Provide technical cybersecurity leadership across Microsoft, cloud, SaaS, and enterprise platforms to improve overall security posture. • Partner with enterprise application teams to ensure secure architecture, integrations, and data practices across core business platforms, including Microsoft technologies and enterprise applications. • Lead cybersecurity incident response coordination, tabletop exercises, root cause analysis, and remediation planning. • Evaluate emerging threats and recommend pragmatic, risk-based mitigation strategies aligned to business priorities. • Monitor and assess cybersecurity posture across internal and third-party environments. • Help define and mature enterprise cybersecurity capabilities, operating processes, and governance appropriate for a growing organization. • Develop and maintain cybersecurity policies, standards, procedures, and best practices. • Build and maintain a practical cybersecurity roadmap focused on risk reduction, resiliency, and operational effectiveness. • Establish cybersecurity metrics, scorecards, and reporting for IT leadership and executive stakeholders. • Conduct risk assessments and partner with teams to prioritize remediation activities. • Support security awareness and training initiatives. • Support enterprise cybersecurity governance practices, including access controls, vendor risk management, data protection, and security awareness. • Partner with stakeholders on cybersecurity-related audits, customer questionnaires, cyber insurance requirements, and compliance activities. • Help mature incident response, disaster recovery, and business continuity capabilities. • Establish practical, scalable controls appropriate for a fast-paced, growth-oriented organization. • Drive accountability, service quality, and measurable outcomes across third-party providers. • Evaluate cybersecurity tools and recommend solutions aligned to business needs and organizational maturity. • Establish a strong cybersecurity operating foundation and improve organizational resiliency through pragmatic controls and risk reduction.

• Administer and optimize the DSPM platform (Cyera); drive data discovery, classification, and risk prioritization across cloud and on-premises environments. • Administer and operate the DLP platform (Proofpoint); create, tune, and maintain policies to prevent unauthorized data movement. • Investigate and respond to DLP incidents; work with information owners and business stakeholders to resolve and remediate. • Collaborate with Security Analysts to correlate data security findings with broader security investigations and incidents. • Design and implement a data classification schema and labeling program. • Define and maintain data security policies and procedures. • Build metrics and reporting to communicate program health and risk reduction to leadership. • Partner with legal, compliance, and IT teams to align data security controls with business requirements. • Support audits and regulatory requirements related to data protection. • Contribute to disaster recovery planning and exercises with technology teams.